Перейти к содержанию

Dynatrace Documentation: ingest-from/amazon-web-services

Generated: 2026-02-17

Files combined: 69


Source: aws-marketplace.md


title: AWS Marketplace private offer source: https://www.dynatrace.com/docs/ingest-from/amazon-web-services/aws-platform/aws-marketplace scraped: 2026-02-17T05:00:30.484096


AWS Marketplace private offer

AWS Marketplace private offer

  • How-to guide
  • 3-min read
  • Published May 26, 2025

The Dynatrace Platform Service can be licensed via the AWS Marketplace according to a private offer.

This page describes how to link your private offer with a Dynatrace environment. You can either link an existing Dynatrace environment that was created with AWS, or create and link a new environment.

If you do not yet have a private offer, reach out to Dynatrace sales at sales@dynatrace.com.

Key terms

Private offer : A customer-specific license proposal that has been prepared by Dynatrace. It includes a custom rate card with the agreed-upon capabilities and prices.

Public cloud service : Computing services offered by a third-party provider. Dynatrace can be licensed via a public cloud service.

Dynatrace environment : A Dynatrace environment is where all your Dynatrace performance analysis takes place. Environments have a unique identifier in the format abc12345.

Prerequisites

  • You already have a customized private offer for Dynatrace in the AWS Marketplace.
  • If you are linking an existing Dynatrace account, your Dynatrace user needs to have the View and manage account billing information permissions for that account.

Steps

Follow the steps below to link your private offer to a Dynatrace account.

Link an existing Dynatrace account

Create a new Dynatrace account to link

If you already have an existing Dynatrace account and environment on AWS, follow the steps below to link the account to your AWS Marketplace private offer. This can be either a trial or production environment, as long as it is in an active state.

  1. In AWS Marketplace, open your Dynatrace private offer.
  2. Accept your Dynatrace private offer.
  3. Select Set up your account.
  4. On the Welcome to your new Dynatrace Platform Subscription page, select Link existing account.
  5. Sign in as the Dynatrace user that is assigned to the account you want to link.

  6. Enter the email address, then select Next.

  7. Enter the account password, then select Next.
  8. Depending on how many accounts the user is assigned to, do one of the following:

  9. One account: The account is recognized automatically and you can continue to the next step.

  10. Multiple accounts: In the Account to link drop-down menu, select the specific account that you want to link this private offer to. Then, continue to the next step.
  11. More than 20 accounts: In the Account UUID field, specify the Account UUID from the account that you want to link this private offer to. Then, continue to the next step.

    To get your Account UUID, go to Account Management and copy the UUID from the URL of the address field of your browser. 7. Once you've signed in with the chosen account, your account information is displayed in User details, Account details, and Environments. This is the account that will be linked to your private offer, so verify the details are correct. 8. Select the check box next to I agree to link this Dynatrace account with my marketplace subscription., then select Next.

This step cannot be undone.

When the Congratulations! window appears, your private offer is now linked to the chosen Dynatrace account.

Your subscription information in Account Management will reflect the fully-credited new license within three days. In the meantime, you can start using your Dynatrace environment according to the account's existing license (if you linked an existing account) or with a trial license (if you created a new account).

Select Open Dynatrace to start using Dynatrace and Set up Dynatrace on Amazon Web Services.

If you don't yet have a Dynatrace account, follow the steps below to create an account and link it to your AWS Marketplace private offer.

  1. In AWS Marketplace, open your Dynatrace private offer.
  2. Accept your Dynatrace private offer.
  3. Select Set up your account.
  4. On the Welcome to your new Dynatrace Platform Subscription page, select Create a new account.
  5. Enter the required information as described on the page:

  6. User details

  7. Account details
  8. Environment details
  9. Select Create account.

A You're almost done! window appears. Dynatrace creates a new account and environment according to the information that you have entered. This step may take up to 5 minutes to complete.

When the account is successfully created, a Congratulations! window appears. Your private offer is now linked to the Dynatrace account that you just created.

Your subscription information in Account Management will reflect the fully-credited new license within three days. In the meantime, you can start using your Dynatrace environment according to the account's existing license (if you linked an existing account) or with a trial license (if you created a new account).

Select Open Dynatrace to start using Dynatrace and Set up Dynatrace on Amazon Web Services.


Source: set-up-cors-in-amazon-s3.md


title: Set up CORS on Amazon S3 source: https://www.dynatrace.com/docs/ingest-from/amazon-web-services/aws-platform/set-up-cors-in-amazon-s3 scraped: 2026-02-17T04:51:25.276977


Set up CORS on Amazon S3

Set up CORS on Amazon S3

  • How-to guide
  • 3-min read
  • Published Jul 19, 2017

Use these guidelines to set up CORS (cross-origin HTTP requests) in AWS for buckets within Amazon S3 (Simple Storage Service). To learn more about CORS and how it works, see HTTP access control (CORS).

Introduction

Modern web browsers don't provide access to error information in window.onerror for scripts that are loaded across domains. This is a severe restriction that limits the usefulness of the Dynatrace JavaScript error-detection engine.

Without CORS, instead of providing error details and a stacktrace when an uncaught JavaScript error is thrown, a message such as the follow appears:

"Script error" is usually reported when an exception violates the browsers same-origin-policy i.e. when the error occurs in a script that is hosted on a domain other than the domain of the current page. If the script is received with the CORS HTTP headers set, it's possible to get the full error details for most browsers by adding the attribute crossorigin="anonymous" to the script tag. Unfortunately Internet Explorer 11 and Edge don't currently support the crossorigin attribute. Care is also required to only set the crossorigin attribute for scripts with CORS headers present as otherwise the script will not be executed anymore.

In order to gain full visibility into thrown JavaScript errors, CORS HTTP headers must be set on the cross-domain servers and the crossorigin attribute must be applied to the script tag. Before performing this step, you must configure Amazon S3.

Configure Amazon S3

The first step is to input CORS settings for your resources on S3. This is done at the bucket level. Unfortunately, it's not possible to input CORS settings for individual resources within buckets.

  1. Open the Amazon S3 console.
  2. Select the bucket that contains your resources.
  3. Select Permissions.
  4. Scroll down to Cross-origin resource sharing (CORS) and select Edit.
  5. Insert the CORS configuration in JSON format.

Example JSON:

[



{



"AllowedHeaders": [



"*"



],



"AllowedMethods": [



"GET",



"HEAD"



],



"AllowedOrigins": [



"*"



],



"ExposeHeaders": []



}



]

See Creating a cross-origin resource sharing (CORS) configuration for details. 6. Select Save changes to save your configuration.

Configure CloudFront

With Amazon S3 configured, it's now time to enable CORS headers in CloudFront. Otherwise the headers will be filtered out and this mechanism won't work.

  1. Open the CloudFront console. You should see a window similar to that shown below. Find your distribution in the list and click its ID link. If necessary, use the search field (highlighted below in red) to search for your distribution.

AWS cors 3 2. Now you should see your distribution. Click the Behaviors tab. Find the behavior entry for your resource, described in the Path Pattern column. Select the pattern and click Edit. If the behavior entry doesn't exist, you must create it.

AWS cors 4 3. Now we can edit the behavior settings. All CORS-relevant elements are highlighted in red below. First you must choose which HTTP method will be available for this behavior. For Allowed HTTP Methods, we recommend that you select the second or third option and select the OPTIONS check box, otherwise you won't be able to use CORS for REST calls, which use preflighted requests. 4. From the Forward Headers list, select Allowlist. You should then see the Allowlist headers menu. Select a particular header from the left listbox and click Add. If you don't see a particular header you can input it into Filter headers… textbox and click Add custom. For CORS, the most important headers are Origin and Access-Control-Allow-Origin. Other headers are optional and dependent on what you want to achieve. 5. Confirm your changes by clicking Yes, Edit.

AWS cors 5


Source: aws-connection-app-settings.md


title: Create an AWS connection via Settings source: https://www.dynatrace.com/docs/ingest-from/amazon-web-services/create-an-aws-connection/aws-connection-app-settings scraped: 2026-02-16T21:20:05.340613


Create an AWS connection via Settings

Create an AWS connection via Settings

  • Latest Dynatrace
  • How-to guide
  • Updated on Jan 09, 2026

Onboard your AWS account in few steps that will generate a deployable CloudFormation template.

The CloudFormation stack will deploy core mandatory resources inside your AWS account (Dynatrace IAM monitoring role, AWS secrets, Dynatrace API integration Lambda function).

After a successful deployment, a connection from Dynatrace to your AWS account will be created. Dynatrace will then perform API calls to your AWS account to poll and push telemetry into your Dynatrace environment.

The new integration does not deploy or use ActiveGate compute resources inside your AWS account to poll or push telemetry.

The experience is transparent and fully managed by Dynatrace.

Overview

General recommendations

We highly discourage onboarding AWS accounts that are actively monitored by our classic AWS integration. Onboarding such accounts might increase the likelihood of AWS APIs throttling, potentially resulting in service interruptions.

Limitations

  • GovCloud and China partitions are not supported.
  • Dynatrace is designed to support large and complex AWS environments. By default, a Dynatrace environment can accommodate up to 3,000 AWS connections (each connection representing a single AWS account).

This is a soft limit. If you plan to exceed this (per Dynatrace environment) we kindly ask you to open a support request so we can proactively increase this limit, ensuring a smooth experience.

  • AWS does not support EventBridge API destinations in all Regions. Therefore, event ingest is not available in Regions that don't support it. See EventBridge feature availability for details.

Prerequisites

Only a Dynatrace account administrator and an AWS administrator can successfully complete the initial prerequisites.

1. Create AWS IAM baseline

Actions in this section can and (should) only be performed by an AWS administrator.

All necessary AWS permissions must be granted to successfully deploy the CloudFormation stacks and associated AWS resources.

In environments where full duty separation is practiced, we recommend that the Dynatrace administrator shares the templates with the platform team/AWS administrators.

Core CFN templates

Conditional CFN templates (deployed based on user opt-in during onboarding)

AWS IAM permission policy for deploying the CloudFormation stacks

Make sure that an AWS user, or a role, used for the CloudFormation stacks deployment is granted with the following (minimum) permission policies.

To allow the least privilege—restricting users creating the AWS connections that follow a specific naming pattern, use the value for <Deployment-Stack-Name-Prefix>. This ensures that any connection created must adhere to this exact naming convention.

{



"Version": "2012-10-17",



"Statement": [



{



"Sid": "cloudformation0",



"Effect": "Allow",



"Action": [



"cloudformation:CreateStack",



"cloudformation:DescribeStacks",



"cloudformation:UpdateStack",



"cloudformation:ListStacks",



"cloudformation:DescribeStackResources",



"cloudformation:DeleteStack",



"cloudformation:CreateChangeSet",



"cloudformation:DescribeChangeSet",



"cloudformation:ExecuteChangeSet",



"cloudformation:CreateStackInstances",



"cloudformation:ListStackInstances",



"cloudformation:DescribeStackInstance",



"cloudformation:DeleteStackInstances",



"cloudformation:CreateStackSet",



"cloudformation:UpdateStackSet",



"cloudformation:DescribeStackSet",



"cloudformation:DescribeStackSetOperation",



"cloudformation:ListStackSetOperationResults",



"cloudformation:DeleteStackSet",



"cloudformation:TagResource",



"cloudformation:UntagResource"



],



"Resource": [



"arn:aws:cloudformation:*:<AWS-Account-ID>:stackset-target/*",



"arn:aws:cloudformation:<Deployment-Region>:<AWS-Account-ID>:stackset/Dynatrace*:*",



"arn:aws:cloudformation:<Deployment-Region>:<AWS-Account-ID>:stack/<Deployment-Stack-Name-Prefix>*/*",



"arn:aws:cloudformation:*:<AWS-Account-ID>:stack/StackSet-Dynatrace*/*",



"arn:aws:cloudformation:*:<AWS-Account-ID>:type/resource/*"



]



},



{



"Sid": "cloudformation1",



"Effect": "Allow",



"Action": [



"cloudformation:GetTemplate",



"cloudformation:ValidateTemplate",



"cloudformation:GetTemplateSummary"



],



"Resource": [



"*"



]



},



{



"Sid": "lambda",



"Effect": "Allow",



"Action": [



"lambda:CreateFunction",



"lambda:UpdateFunctionCode",



"lambda:UpdateFunctionConfiguration",



"lambda:GetFunction",



"lambda:InvokeFunction",



"lambda:DeleteFunction",



"lambda:TagResource",



"lambda:UntagResource"



],



"Resource": [



"arn:aws:lambda:<Deployment-Region>:<AWS-Account-ID>:function:DynatraceApiClientFunction*"



]



},



{



"Sid": "iam",



"Effect": "Allow",



"Action": [



"iam:CreatePolicy",



"iam:CreatePolicyVersion",



"iam:DeletePolicyVersion",



"iam:DeletePolicy",



"iam:CreateRole",



"iam:UpdateRole",



"iam:DeleteRole",



"iam:PassRole",



"iam:AttachRolePolicy",



"iam:PutRolePolicy",



"iam:DetachRolePolicy",



"iam:GetRole",



"iam:GetPolicy",



"iam:ListPolicyVersions",



"iam:TagPolicy",



"iam:TagRole",



"iam:UntagPolicy",



"iam:UntagRole",



"iam:GetRolePolicy",



"iam:UpdateAssumeRolePolicy",



"iam:DeleteRolePolicy"



],



"Resource": [



"arn:aws:iam::<AWS-Account-ID>:policy/<Deployment-Stack-Name-Prefix>*",



"arn:aws:iam::<AWS-Account-ID>:role/<Deployment-Stack-Name-Prefix>*",



"arn:aws:iam::<AWS-Account-ID>:role/Dynatrace*",



"arn:aws:iam::<AWS-Account-ID>:policy/Dynatrace*"



]



},



{



"Sid": "s3",



"Effect": "Allow",



"Action": [



"s3:GetObject",



"s3:CreateBucket",



"s3:DeleteBucket",



"s3:PutLifecycleConfiguration",



"s3:PutBucketTagging"



],



"Resource": [



"arn:aws:s3:::dynatrace*"



]



},



{



"Sid": "secretsmanager",



"Effect": "Allow",



"Action": [



"secretsmanager:CreateSecret",



"secretsmanager:DescribeSecret",



"secretsmanager:UpdateSecret",



"secretsmanager:GetSecretValue",



"secretsmanager:PutSecretValue",



"secretsmanager:TagResource",



"secretsmanager:DeleteSecret",



"secretsmanager:PutResourcePolicy",



"secretsmanager:DeleteResourcePolicy"



],



"Resource": [



"arn:aws:secretsmanager:<Deployment-Region>:<AWS-Account-ID>:secret:DynatraceAPIAccessToken*",



"arn:aws:secretsmanager:<Deployment-Region>:<AWS-Account-ID>:secret:DynatraceAPIPlatformToken*",



"arn:aws:secretsmanager:<Deployment-Region>:<AWS-Account-ID>:secret:/dynatrace/*"



]



},



{



"Sid": "kms0",



"Effect": "Allow",



"Action": [



"kms:CreateKey",



"kms:TagResource",



"kms:UntagResource"



],



"Resource": "*",



"Condition": {



"StringEquals": {



"aws:RequestTag/dt:CreatedBy": "Dynatrace"



}



}



},



{



"Sid": "kms1",



"Effect": "Allow",



"Action": [



"kms:CreateGrant",



"kms:RevokeGrant",



"kms:DescribeKey",



"kms:GetKeyPolicy",



"kms:PutKeyPolicy",



"kms:ScheduleKeyDeletion"



],



"Resource": "*",



"Condition": {



"StringEquals": {



"aws:ResourceTag/dt:CreatedBy": "Dynatrace"



}



}



},



{



"Sid": "kms2",



"Effect": "Allow",



"Action": [



"kms:CreateAlias",



"kms:DeleteAlias",



"kms:UpdateAlias"



],



"Resource": [



"arn:aws:kms:<Deployment-Region>:<AWS-Account-ID>:key/*"



],



"Condition": {



"StringEquals": {



"aws:ResourceTag/dt:CreatedBy": "Dynatrace"



}



}



},



{



"Sid": "kms3",



"Effect": "Allow",



"Action": [



"kms:CreateAlias",



"kms:DeleteAlias",



"kms:UpdateAlias"



],



"Resource": "arn:aws:kms:<Deployment-Region>:<AWS-Account-ID>:alias/dynatrace/*/keys/aws/integration/*"



},



{



"Sid": "logs0",



"Effect": "Allow",



"Action": [



"logs:DescribeLogGroups"



],



"Resource": "*"



},



{



"Sid": "logs1",



"Effect": "Allow",



"Action": [



"logs:DeleteLogGroup",



"logs:CreateLogGroup",



"logs:DeleteLogStream",



"logs:CreateLogStream",



"logs:DescribeLogStreams",



"logs:PutRetentionPolicy",



"logs:ListTagsForResource",



"logs:DescribeIndexPolicies",



"logs:AssociateKmsKey",



"logs:DisassociateKmsKey",



"logs:PutLogEvents",



"logs:TagResource"



],



"Resource": [



"arn:aws:logs:<Deployment-Region>:<AWS-Account-ID>:log-group:/aws/lambda/<Deployment-Stack-Name-Prefix>*",



"arn:aws:logs:<Deployment-Region>:<AWS-Account-ID>:log-group:/aws/lambda/DynatraceApiClientFunction-*"



]



}



]



}

At this point all, the AWS IAM baseline prerequisites have been completed. Keep in mind that the IAM role/user permissions are needed for each onboarded AWS account.

We recommend that an AWS administrator pre-create those IAM constructs programmatically.

2. Create the Dynatrace IAM baseline

Actions in this section can and (should) only be performed by the Dynatrace account administrator.

The new AWS Platform Monitoring has been integrated with the core Dynatrace Identity and Access Management (IAM) design.

Learn more about the basic concepts:

In this documentation section context:

Dynatrace account admin : A built-in user with View and manage users and groups permission.

CloudsAdmins : A customer-created custom IAM group where its members will be able to create and manage AWS connections in Settings Settings.

CloudAdmin : An IAM user, member of the CloudsAdmins group. The name is used here solely for context; any Dynatrace IAM user can be used.

Service user : A non-interactive IAM identity, against which platform tokens will be created.

Platform token : The authentication and authorization secrets used to establish a secure communication with the Dynatrace APIs. In our context, two platform tokens are to be created:

* `Settings PT`—allows the creation and managment of an AWS connection.
* `Ingest PT`—allows the programmatic ingest of push-based telemetry from AWS.

Data-Acquisition AWS Integration App : A Dynatrace-created built-in IAM policy which contains all the (least privilege) permission scopes required to support the creation and management of an AWS connection from Settings Settings. When using the new connection wizard, it will automatically create a new service user and linked platform tokens. It will also bind all required permissions to allow connection creation and management, and telemetry ingest from AWS (Firehose Logs and EventBridge Events).

Interactive IAM identity (IAM user)

  1. Create the CloudsAdmins group.

Once the CloudsAdmins group is created, select Permissions > Scope and add the Data-Acquisition AWS Integration App and Standard User policies.

Apply Account-Wide or Environment-Wide, then select Save.

Validate: The CloudsAdmins Permissions section should show:

  • Data-Acquisition AWS Integration App
  • Standard User
  • Assign your CloudAdmin IAM user (or any other Dynatrace IAM user) as a member of the CloudsAdmins group.

Onboarding

Before you start, make sure all prerequisites are completed.

  1. Log in to Dynatrace as the IAM user (member of the CloudsAdmins IAM group) and open Settings Settings.
  2. Go to Collect and capture > Cloud and virtualization > AWS and select New connection.

If the button is grayed out, it means you do not have the proper permissions to create a connection. Please, contact your administrator.

1. Select connection model

  1. Enter a friendly connection name that is unique (for example, MyEastProd3Account).
  2. Enter the AWS Account ID where you intend to deploy the connection.
  3. Choose the Deployment region.

The deployment region is the AWS Region from which the CloudFormation stack will be deployed.

If you plan to use the event ingest option, make sure to select a deployment region that supports EventBridge API destinations. 4. Select Next.

2. Select observability option

  1. Choose the Recommended observability path. Two paths are currently supported:

  2. Recommended: The monitoring configuration is an opinionated (immutable) option, only monitored Regions are customizable. Per AWS member account, this flow provides:

    • AWS account resources inventory using Clouds Clouds (for supported AWS services).
    • AWS account resources topology, depicted as rich resource entities using Clouds Clouds (for supported AWS services).
    • Amazon CloudWatch API metric polling (per enabled region) for our recommended services (automatically opted-in).
    • The Regions that were selected, allowing the AWS administrator to deploy Amazon Data Firehose streams for logs ingest as stacksets on the AWS Organizations Console.
    • Advanced: The most fine-grained path monitoring configuration. Allows the full customization any monitoring setting to meet advanced use cases.

Regardless of the selected path, customizing all the supported monitoring settings is possible post-onboarding.

The topology signal is an auto-enabled signal; you can't disable it. 2. Choose the monitored AWS Regions you want to monitor.

The monitored regions are the AWS Regions in which Dynatrace can securely poll metrics, topology and push logs from.

You need to enable us-east-1 regardless of your desired monitored regions, since global AWS resources reside in us-east-1. 3. Select Next.

After a successful onboarding, you'll be able to customize monitored AWS Regions and all other supported monitoring settings, per AWS member account.

3. Get platform tokens for service users

  1. Generate the settings and ingest tokens. Alternatively, you may also paste pre-existing tokens.
  2. Select Download and Next.

If the download button is grayed out, that means that the Dynatrace token fields are not populated with platform tokens.

4. Finalize

  1. Go to the AWS Console and log in to the designated AWS account with an AWS IAM user that has all the needed permissions to deploy the CloudFormation stacks.
  2. Select Deploy the CloudFormation in AWS Console.

If you practice roles duty separation, the Dynatrace admin may have no access/permissions to the AWS environment.

In this case, select the Copy Deployment Link.

Share this deeplink and the downloaded platform tokens CSV file with your platform team and/or AWS Admins.

This will allow them to deploy the CloudFormation stack with the wizard configurations that you have set.

  1. Copy the settings and ingest tokens from the downloaded CSV file (the file name will follow the connection friendly name) and paste them into the corresponding CloudFormation parameters (settings token, ingest token).
  2. Deploy the stack.
  3. When the CloudFormation stacks deployment finishes successfully (which can take up to 15 minutes), go back to the wizard and confirm.

If the CloudFormation stack deployment failed, see Troubleshooting.

5. Configure Health alerts and Warning signalsOptional

You can configure Health alerts and Warning signals now or later.

Health alerts and warning signals help you monitor your infrastructure by providing clear, actionable insights. These features reduce the noise from infrastructure issues and improve alerting capabilities, so you can focus on what matters most. This is achieved through better categorization of detected malfunctions.

  • For critical events, a Health alert is raised, triggering a Dynatrace Problems investigation.
  • For non-critical situations, a Warning signal informs you of a potential challenge.

Successful onboarding involves two elements:

  • In Settings Settings > Collect and capture > Cloud and virtualization > AWS, the new AWS connection is Healthy.
  • In the AWS CloudFormation console, the CloudFormation stacks are in CREATE_COMPLETE status.

What's next?

Troubleshooting

The New connection functionality is disabled. When I hover on it, I see a message that I don't have the permissions.

Make sure that your Dynatrace IAM user has the proper permission scopes to create and manage a connection. For details, see the Create the Dynatrace IAM baseline section.

The CloudFormation stack did not complete successfully. How do I troubleshoot for the root cause?

If your CloudFormation deployment fails, it's often related to a lack of AWS IAM permissions, AWS Service limits being reached, or Service Control Policies configured in your AWS Organizations.

To run our troubleshooting helper script to discover the root cause

  1. Open AWS CloudShell in the AWS Management Console.

Alternatively, you can run bash with AWS CLI installed. 2. Download the script:

wget -q https://dynatrace-data-acquisition.s3.us-east-1.amazonaws.com/aws/deployment/cfn/da-activation-check.sh -O da-activation-check.sh && chmod +x ./da-activation-check.sh
3. Run the script to analyze the failure reason and script output ./da-activation-check.sh --stack-name <activation-stack-name>.

The activation main stack name follows the AWS connection name specified the Dynatrace connections list, for example, connection name: MyEastProd3Account

To find the failure reason manually

  1. Go to the AWS Management Console > CloudFormation stack events and search for the root cause.
  2. Also search nested stacks and stackset instances (if logs/events ingest was enabled) for failed events.

If you encounter an error that you cannot resolve on your own, open a Dynatrace support ticket providing the script output.

The root cause of the CloudFormation deployment failure is an invalid or expired token. What can I do?

The best way to solve this issue is to delete the failed stack and repeat the deployment specifying valid tokens as parameters. You can start the deployment from the Dynatrace Settings Settings web UI to generate a new API token.

The root cause of the CloudFormation deployment failures are related to permissions, as I can see messages indicating that I'm not authorized to perform X or Y. What can I do?

If you can see in the CloudFormation stack error messages, such as "User: arn:aws: <...> is not authorized to perform: <...> on resource: <...>", it's because you haven't included the proper user/role permissions required from our policy. Update the setup by adding the required AWS permissions, clean the current setup, and restart the process.

To learn how to clean the current setup, see The CloudFormation stack did not complete successfully. I fixed the issue. How do I clean the current setup and start over?

The root cause of the CloudFormation deployment failure is that the 'Account XXX has not enabled 'Region-XYZ'. What can I do?

If you see, in the CloudFormation stack, error messages such as "Account XXX has not enabled [Region-XYZ]: ...", clean the current setup, enable that Region or remove it from the deployment parameters, and restart the process.

To learn how to clean the current setup, see The CloudFormation stack did not complete successfully. I fixed the issue. How do I clean the current setup and start over?

The root cause of the CloudFormation deployment failure is the creation of the Firehose DeliveryStream. What can I do?

If you see, in the CloudFormation stack, error messages such as "You are not subscribed to this service" or "The AWS Access key Id needs a subscription for the service (Service Firehose)", this is because new services, such as Firehose, require it to be enabled on some new accounts. See how to resolve problems when accessing a service in the AWS Management Console.

After enabling it, clean the current setup and restart the process again.

To learn how to clean the current setup, see The CloudFormation stack did not complete successfully. I fixed the issue. How do I clean the current setup and start over?

The root causes of the CloudFormation deployment failures are 404 or 400 errors. What can I do?

Please contact us at awscloudmonitoring-preview@dynatrace.com or open a Dynatrace support ticket sharing the errors you experienced.

The CloudFormation stack did not complete successfully. I fixed the issue. How do I clean the current setup and start over?

In the AWS CloudFormation console, delete the master Dynatrace stack. The main stack name follows the connection name in our example MyEastProd3Account. Follow the AWS guidelines on deleting stacks.

Once the stack and its nested stacks are completely deleted

  1. In Dynatrace, go to Settings Settings > Cloud and virtualization > AWS (Preview).
  2. Find and select the connection action menu on the right .
  3. Select Delete.
  4. You are now able to start the wizard and create a new connection.

Not all resources created are properly tagged in Dynatrace.

Even if your organization enforces tagging via Service Control Policies or IAM, some of the resources created by CloudFormation do not support tag propagation. For details, please see AWS CloudFormation resource tagging.

I have enabled logs push-based ingest via Firehose, but I cannot seem to locate log records on Dynatrace.

Looking at the Destination error logs tab (AWS Firehose console), if you get this message:

Delivery to the endpoint was unsuccessful. See Troubleshooting HTTP Endpoints in the Firehose documentation for more information. Response received with status code. 403: "requestId":"xxxx,"errorMessage":"The authorization token does not provide the necessary permissions. details: missing_scopes=[data-acquisition:logs:ingest]

Verify that

  1. The platform ingest token is assigned with the correct permission scope (data-acquisition:logs:ingest).
  2. The Dynatrace service user linked to the token is also assigned with same token permission scope (data-acquisition:logs:ingest).
  3. The platform ingest token has not expired or was deleted.
  4. The service user has not been deleted.
  5. The platform token environment scope is adjusted to the correct Dynatrace environment.

When creating the platform token, why is the "service user" option grayed out?

Your IAM user might not have permission to create platform tokens for (existing) service users. Contact you Dynatrace Admin to learn if the prerequisites were followed. In this case, a specific permission scope must be granted.

Share your feedback

The onboarding experience is an evolving core product feature. We are continually working to collect feedback.

During the Preview, we will reach out and ask for feedback. We highly appreciate your willingness to share any suggestions. You can also share your feedback at our dedicated Dynatrace Community channel


Source: app-runner.md


title: Monitor AWS App Runner source: https://www.dynatrace.com/docs/ingest-from/amazon-web-services/integrate-into-aws/app-runner scraped: 2026-02-06T16:23:23.536585


Monitor AWS App Runner

Monitor AWS App Runner

  • How-to guide
  • 3-min read
  • Published Jan 16, 2023

To deploy OneAgent on App Runner, read the instructions provided below.

Prerequisites

  • Create an API token in your Dynatrace environment and enable the following permissions:

  • Access problem and event feed, metrics, and topology (DataExport) (API v1)

  • PaaS integration - Installer download (InstallerDownload)
  • Review the list of supported applications and versions.

Integrate OneAgent into your application image

Build-time injection EKS, ECS, and App Runner

If you're using ECS, EKS, and App Runner, you can use build-time injection to embed OneAgent into your container image.

Docker multi-stage image builds

Classic integration

To use this option you need:

  • Docker version 17.05+
  • OneAgent version 1.155+

  • Sign in to Docker with your Dynatrace environment ID as username and your PaaS token as password.

docker login -u <your-environment-id> <your-environment-url>
2. Add two additional lines of code to the application image after the last FROM command:

COPY --from=<your-environment-url>/linux/oneagent-codemodules:<technology> / /



ENV LD_PRELOAD /opt/dynatrace/oneagent/agent/lib64/liboneagentproc.so
  • Replace <your-environment-url> with the URL or IP address of your environment or your ActiveGate.

  • Dynatrace SaaS {your-environment-id}.live.dynatrace.com1

  • Dynatrace Managed {your-domain}/e/{your-environment-id}1

    1

    If you use your own environment ActiveGate, use the <ip-address>:9999 or <hostname>:9999 format. * Replace <technology> with the code module required for your application. Valid options are all, java, apache, nginx, nodejs, dotnet, php, sdk, and go. You can specify several code modules, separated by hyphen (-), for example java-go. Including specific technology-support options, rather than support for all technology options, results in a smaller OneAgent package.

What if my Docker image is based on Alpine Linux?

Dynatrace OneAgent supports Alpine Linux-based environments. Use this syntax:

COPY --from=<your-activegate>/linux/oneagent-codemodules-musl:<technology> / /



ENV LD_PRELOAD /opt/dynatrace/oneagent/agent/lib64/liboneagentproc.so

Valid options here are all, go, java, apache, nginx, and nodejs.

  1. Build your application image.

Build the Docker image from your dockerfile to use it in your Kubernetes environment:

docker build -t yourapp .

You can monitor your application containers with a different Dynatrace environment. To do this, read the instructions below:

For OneAgent version 1.139+, if you have an existing application image where you've already added the OneAgent code modules for a specific Dynatrace environment, you can have the OneAgent report to another Dynatrace environment without rebuilding your application image.

For this you need to make a call to the REST endpoint of your second Dynatrace environment. Make sure to adapt the respective placeholders <your-environment-id> and <your-paas-token>.

curl "https://<your-environment-id>.live.dynatrace.com/api/v1/deployment/installer/agent/connectioninfo?Api-Token=<your-paas-token>"

In return, you get a JSON object that covers the required information that needs to be passed as an environment variable to the application container. Make sure you set the environment variables of the application container as described below:

  • DT_TENANT: equals tenantUUID
  • DT_TENANTTOKEN: equals tenantToken
  • DT_CONNECTION_POINT: semi-colon separated list of communicationEndpoints

  • Add the following commands to your current Dockerfile to integrate OneAgent and activate instrumentation of your application. Define variables with optional default values using ARG instructions.

ARG DT_API_URL="https://<your-environment-id>.live.dynatrace.com/api"



ARG DT_API_TOKEN="<your-paas-token>"



ARG DT_ONEAGENT_OPTIONS="flavor=default&include=<technology1>&include=<technology2>"



ENV DT_HOME="/opt/dynatrace/oneagent"



RUN mkdir -p "$DT_HOME" && \



wget -O "$DT_HOME/oneagent.zip" "$DT_API_URL/v1/deployment/installer/agent/unix/paas/latest?Api-Token=$DT_API_TOKEN&$DT_ONEAGENT_OPTIONS" && \



unzip -d "$DT_HOME" "$DT_HOME/oneagent.zip" && \



rm "$DT_HOME/oneagent.zip"



ENTRYPOINT [ "/opt/dynatrace/oneagent/dynatrace-agent64.sh" ]



CMD [ "executable", "param1", "param2" ] # the command of your application, for example, Java
  • The commands above that use wget and unzip might fail if they aren't provided by the base image.
  • Replace <your-environment-id> with your Dynatrace environment ID. If you're using Dynatrace Managed, you need to provide your Dynatrace Cluster URL (https://<YourDynatraceServerURL>/e/<your-environment-id>/api).
  • Replace <your-paas-token> with your PaaS token.
  • DT_ONEAGENT_OPTIONS - this is the flavor (valid options are default or musl for Alpine images) and the technology (code module).

    • Syntax for default is flavor=default&include=all.
    • Syntax for musl is flavor=musl&include=all.

What if my Docker image is based on Alpine Linux?

Dynatrace OneAgent supports the flavor musl for Alpine Linux–based environments. Valid options for flavor=musl are all, go, java, apache, nginx, and nodejs. 2. Build your application image.

Build the Docker image from your dockerfile to use it in your Kubernetes environment:

docker build -t yourapp .

You can monitor your application containers with a different Dynatrace environment. To do this, read the instructions below:

For OneAgent version 1.139+, if you have an existing application image where you've already added the OneAgent code modules for a specific Dynatrace environment, you can have the OneAgent report to another Dynatrace environment without rebuilding your application image.

For this you need to make a call to the REST endpoint of your second Dynatrace environment. Make sure to adapt the respective placeholders <your-environment-id> and <your-paas-token>.

curl "https://<your-environment-id>.live.dynatrace.com/api/v1/deployment/installer/agent/connectioninfo?Api-Token=<your-paas-token>"

In return, you get a JSON object that covers the required information that needs to be passed as an environment variable to the application container. Make sure you set the environment variables of the application container as described below:

  • DT_TENANT: equals tenantUUID
  • DT_TENANTTOKEN: equals tenantToken
  • DT_CONNECTION_POINT: semi-colon separated list of communicationEndpoints

Configure network zones Optional

You can configure network zones as an environment variable:

  • DT_NETWORK_ZONE: equals your.network.zone

See network zones for more information.

Monitoring Consumption

For AWS App Runner, monitoring consumption is based on host units. See Application and Infrastructure Monitoring (Host Units) for details.

Troubleshoot


Source: aws-beanstalk.md


title: Monitor AWS Elastic Beanstalk source: https://www.dynatrace.com/docs/ingest-from/amazon-web-services/integrate-into-aws/aws-beanstalk scraped: 2026-02-17T04:49:28.156390


Monitor AWS Elastic Beanstalk

Monitor AWS Elastic Beanstalk

  • How-to guide
  • 1-min read
  • Published Jul 19, 2017

AWS Elastic Beanstalk is a service provided by Amazon Web Services (AWS) that gives you the option of deploying and auto-scaling applications and services.

As this type of installation depends heavily on user customizations, there isn't any set of steps that will work in all scenarios. The following aims to provide an overview of the entire process, with examples to help you create your own deployment.

Prerequisites

  • Locate the ONEAGENT_INSTALLER_SCRIPT_URL. This information is shared during Dynatrace OneAgent installation.

Locate your installer URL

To get your ONEAGENT_INSTALLER_SCRIPT_URL

  1. In Dynatrace Hub, select OneAgent.
  2. Select Set up > Linux.

  3. Determine the installer script URL and token from the UI-provided wget command:

OneAgent container image version 1.39.1000+

OneAgent container image version 1.38.1000 and earlier

This is the URL:

OneAgent URL

  • Replace the value of arch parameter with <arch>. Ignore the flavor=default parameter.
  • For the API-Token value, you need a PaaS token.

Your URL should look like this: https://host.domain.com/api/v1/deployment/installer/agent/unix/default/latest?arch=<arch>

This is your ONEAGENT_INSTALLER_SCRIPT_URL.

This your URL and API token.

OneAgent installation page with URL to be modified

Append the API token to the URL using the API-Token parameter. Your URL should look like this:

https://host.domain.com/api/v1/deployment/installer/agent/unix/default/latest?arch=x86&flavor=default&Api-Token=<token>

This is your ONEAGENT_INSTALLER_SCRIPT_URL.

  • Access to the AWS console

For configurations where OneAgent is already part of your application deployment, you don't have to manually install OneAgent or restart servers to enable service monitoring.

Download OneAgent

  1. In Dynatrace Hub, select OneAgent.
  2. Select Set up > Windows or Linux.

For more information, see the OneAgent installation instructions for Windows or Linux.

Customize your installation

  • Make sure the configuration files are properly formatted YAML files.
  • Don't use tabs for indentation. Only spaces are allowed.
  • The Elastic Beanstalk extension script file names are important—the Amazon interpreter executes them in alphabetical order.

Linux

Windows

To install OneAgent, you need two configuration files:

  • One file for downloading the OneAgent installer
  • Another file for invoking the installation and post-installation tasks.

  • In the Beanstalk deployment package, create a .ebextensions directory within the same directory as the main Beanstalk project source code. The two configuration files mentioned above must be placed in this directory.

  • Create a configuration file for downloading the installer named 0dynatraceDownload.config.

The file must contain a files section that defines:

  • The download path and target file name (for example, /tmp/dynatraceinstall.sh)
  • Proper user rights settings
  • The OneAgent download URL mentioned in the prerequisites.

Example:

files:



"/tmp/dynatraceinstall.sh":



mode: "000755"



owner: root



group: root



source: "https://abcdefghij.live.dynatrace.com/api/v1/deployment/installer/agent/unix/default/latest?arch=x86&flavor=default&Api-Token=abcdefghijklmnopqrstu"

Make sure to replace the generic values in the example above with your own. 3. Create a configuration file to execute the OneAgent installer and perform other tasks such as service restart, named 1dynatraceInstallAndPost.config.

In the example below, the script checks for an existing OneAgent setup and, if no OneAgent is found, executes the installation from the /tmp directory, setting the --set-proxy=172.1.1.128:8080 installation parameter to connect the agent to a specific proxy. Then the httpd service is restarted.

commands:



install_dynatrace:



cwd: /tmp



command: "/bin/sh dynatraceinstall.sh --set-proxy=172.1.1.128:8080"



restart_httpd:



command: "service httpd restart"

If you want to add more parameters, separate them with spaces. To learn more about installation parameters, see how to customize OneAgent installation on Linux.

Do not use the command's env property because it overwrites, rather than appends, the existing environment and will cause OneAgent installation to fail. 4. Optional Extend your configuration.

You can also include steps to download OneAgent in your configuration.

The example below includes OneAgent download in the configuration. While this is necessary for the first installation of OneAgent, it might substantially lengthen future application updates because you download OneAgent each time you run the script. To improve your Beanstalk configuration, add a check for an existing OneAgent installation and have your scripts download OneAgent only when it isn't found on the system.

Inspect the following Linux configuration example carefully before creating your own scripts. The Amazon interpreter is sensitive to syntax errors. Take care in formatting and escaping special characters.

files:



"/tmp/dynatraceinstall.sh":



mode: "000755"



owner: root



group: root



content: |



#!/bin/bash



if [ ! -d /opt/dynatrace/oneagent ]; then



wget -O /tmp/Dynatrace-OneAgent.sh "https://abcdefghij.live.dynatrace.com/api/v1/deployment/installer/agent/unix/default/latest?arch=x86&flavor=default&Api-Token=abcdefghijklmnopqrstu"



chmod 755 /tmp/Dynatrace-OneAgent.sh



sudo chown root:root /tmp/Dynatrace-OneAgent.sh



sudo /tmp/Dynatrace-OneAgent.sh



fi



commands:



install_dynatrace:



cwd: /tmp



command: "/bin/sh dynatraceinstall.sh --set-proxy=172.1.1.128:8080"



restart_nginx:



command: service nginx restart



ignoreErrors: true

To install OneAgent, you need two configuration files:

  • One file for downloading the OneAgent installer
  • Another file for invoking the installation and post-installation tasks.

  • Create a configuration file for downloading the installer named 0dynatraceDownload.config.

The file must contain a sources section that defines:

  • The download destination (for example, your desktop)
  • The OneAgent download URL mentioned in the prerequisites.

Example:

files:



"C:/OneAgent/Dynatrace-OneAgent-Installer.exe":



source: "https://abcdefghij.live.dynatrace.com/api/v1/deployment/installer/agent/windows/default/latest?Api-Token=abcdefghijklmnopqrstu&arch=x86&flavor=default"

Make sure to replace the generic values in the example above with your own. 2. Create a configuration file to execute the OneAgent installer and perform other tasks such as service restart, named 1dynatraceInstallAndPost.config.

The file must contain a commands section that defines the installation command for OneAgent.

Do not use the command's env property because it overwrites, rather than appends, the existing environment and will cause OneAgent installation to fail.

In the example below, the script executes the installer from the administrator's desktop folder in quiet mode (no graphical user interface involved). The file passes the --set-proxy=172.1.1.128:8080 installation parameter to connect the agent to a specific proxy.

commands:



install_oneagent:



command: "C:/OneAgent/Dynatrace-OneAgent-Installer.exe --quiet --set-proxy=172.1.1.128:8080"

If you want to add more parameters, separate them with with spaces. To learn more about installation parameters, see how to customize OneAgent installation on Windows.

You don't need to add extra commands following OneAgent installation. Amazon will restart IIS on its own after you've successfully uploaded all your application files.

Configure network zones Optional

To configure network zones, use the following argument: --set-network-zone=<your.network.zone>. See network zones for more information.

Monitoring consumption

For AWS Elastic Beanstalk, monitoring consumption is based on hosts units. See Application and Infrastructure Monitoring (Host Units) for details.


Source: aws-ec2.md


title: Monitor Amazon Elastic Compute Cloud (EC2) source: https://www.dynatrace.com/docs/ingest-from/amazon-web-services/integrate-into-aws/aws-ec2 scraped: 2026-02-17T04:49:04.203756


Monitor Amazon Elastic Compute Cloud (EC2)

Monitor Amazon Elastic Compute Cloud (EC2)

  • How-to guide
  • 1-min read
  • Published Jan 16, 2023

Capabilities

Integrate OneAgent for fullstack monitoring

Monitoring Amazon EC2 instances works out of the box. Just run the regular Linux and Windows OneAgent installers.

Alternatively, you can use any infrastructure management tool such as Terraform to integrate OneAgent on your virtual machines. Dynatrace also provides an integration with the AWS Systems Manager Distributor so you can distribute and automatically deploy OneAgent on your EC2 instances.


Source: deploy-oneagent-on-ecs.md


title: Monitor Elastic Container Service (ECS) with EC2 launch type source: https://www.dynatrace.com/docs/ingest-from/amazon-web-services/integrate-into-aws/aws-ecs/deploy-oneagent-on-ecs scraped: 2026-02-17T05:10:15.329885


Monitor Elastic Container Service (ECS) with EC2 launch type

Monitor Elastic Container Service (ECS) with EC2 launch type

  • How-to guide
  • 3-min read
  • Published May 18, 2020

To deploy OneAgent on AWS Elastic Container Service (ECS) clusters with EC2 launch type, follow the instructions below.

Prerequisites

Deploy OneAgent as a daemon service

This approach describes the installation of OneAgent as a daemon service in its own container. ECS orchestrates the execution of the OneAgent task on each container instance that is part of the cluster.

  1. On the ECS console, go to Task Definitions > Create new Task Definition. Select EC2 and then Next step.
  2. In Configure task and container definitions, enter the following values:

  3. Task Definition Name: oneagent

  4. Network Mode: host
  5. Scroll down to Volumes. Click Add volume and enter the following values:

  6. Name: oneagent

  7. Volume type: Bind Mount
  8. Source path: /

Click Add to add the volume. 4. Scroll to Container Definitions and click Add container. In the Standard section, enter the following values:

  • Container name: oneagent
  • Image: dynatrace/oneagent
  • Memory limits: as needed

There are two types of memory limits: soft and hard. ECS requires that you define the limit for at least one type of memory. We recommend using the default setting (soft limit of 256 MiBs), as it's less restrictive, but you can adjust this setting as needed. 5. In the Advanced container configuration section, go to Environment. Make sure that Essential is selected.

In Environment variables, define ONEAGENT_INSTALLER_SCRIPT_URL depending on how you connect to Dynatrace:

  • For SaaS: https://<your-environment-id>.live.dynatrace.com/api/v1/deployment/installer/agent/unix/default/latest?arch=x86&flavor=default&Api-Token=<pass_token>
  • For Managed: https://<your-domain>/e/<your-environment-id>/api/v1/deployment/installer/agent/unix/default/latest?arch=x86&flavor=default&Api-Token=<pass_token>
  • For ActiveGate: https://<your-active-gate-ip-or-hostname>:9999/e/<your-environment-id>/api/v1/deployment/installer/agent/unix/default/latest?arch=x86&flavor=default&Api-Token=<paas_token>

If you connect via an ActiveGate, you can skip the certificate check by adding the ONEAGENT_INSTALLER_SKIP_CERT_CHECK key with the value true. 6. Optional Add OneAgent installer parameters.

While still in Environment variables, you can customize your OneAgent installation by adding several OneAgent installer parameters in the command text box. Make sure to separate each parameter by a space. For example, --set-app-log-content-access=false --set-network-zone=<your.network.zone>.

Set the --set-network-zone=<your.network.zone> parameter if you want to configure network zones. See network zones for more information. 7. Go to Storage and logging and enter the following values in Mount point:

  • Source volume: oneagent
  • Container path: /mnt/root
  • Scroll down to Security and set the container to run in Privileged mode.
  • Click Add to add the container definition.
  • While still in the task definition, go back to Volumes and click Configure via JSON. Add the following two parameters at the root level (for example, before the "tags"):

    "ipcMode": "host",
    
    
    
    "pidMode": "host",
    

    Click Save to save the JSON configuration. 11. Click Create to save your task definition. 12. In the Task definitions menu, select the newly created OneAgent task and then click Actions > Create service. This will create a service to run your task. 13. In Configure service, enter the following values:

    • Launch type: EC2
    • Task Definition: oneagent
    • Service type: DAEMON
    • Service name: give a name to the service.

    Leave the rest of the settings set as they are by default. Follow the remaining steps until you reach and select Create service.

    Once the service is created, the associated tasks will be executed. The oneagent service creates a task to deploy OneAgent on each container instance of your cluster.

    You can see the container instances displayed on the ECS cluster dashboard, and the corresponding hosts in your Dynatrace monitoring environment.

    ECS hosts 14. After deploying OneAgent, restart the running application tasks to get service-level visibility.

Security implications

See Docker security implications for details.

Limitations

See Docker limitations for details.

Monitoring consumption

For Elastic Container Service, monitoring consumption is based on hosts units. See Application and Infrastructure Monitoring (Host Units) for details.


Source: aws-ecs.md


title: Monitor Amazon Elastic Container Service (ECS) source: https://www.dynatrace.com/docs/ingest-from/amazon-web-services/integrate-into-aws/aws-ecs scraped: 2026-02-17T04:48:57.989219


Monitor Amazon Elastic Container Service (ECS)

Monitor Amazon Elastic Container Service (ECS)

  • How-to guide
  • 1-min read
  • Published Jan 16, 2023

To deploy OneAgent on AWS Elastic Container Service (ECS) clusters with EC2 launch type, follow the instructions below.

Prerequisites

  • Create a PaaS Token.
  • ECS cluster with Linux-based container instances.
  • Review the list of supported applications and versions.
  • An IAM role for your container instances should attach the AmazonEC2ContainerServiceforEC2Role managed policy. Instructions for creating this role, named ecsInstanceRole, are provided in the AWS documentation.

Deploy OneAgent as a daemon service

This approach describes the installation of OneAgent as a daemon service in its own container. ECS orchestrates the execution of the OneAgent task on each container instance that is part of the cluster.

Privileged mode and volume parameters are prerequisites for this deployment method. As a result, this can only be done using JSON revisions. Consider using build-time injection instead.

  1. On the ECS console, go to Task Definitions > Create new task definition > Create new task definition with JSON.
  2. Edit the task definition JSON:

  3. Set requiresCompatibilities to ["EC2"]

  4. Set family to a unique name of your choice for the task definition, such as oneagent
  5. Add ipcMode and set to host
  6. Add pidMode and set to host
  7. Set containerDefinitions[0] to

    {
    
    
    
    "name": "oneagent",
    
    
    
    "image": "dynatrace/oneagent",
    
    
    
    "essential": true,
    
    
    
    "privileged": true
    
    
    
    }
    
    * Create a new dictionary in the volumes array:

    {
    
    
    
    "name": "oneagent"
    
    
    
    }
    
    3. Select Create. 4. Select Create new revision > Create new revision. 5. In Infrastructure requirements, go to Network Mode and select host. 6. Scroll to Container - 1, go to Resource allocation limits and set the memory limits as needed

There are two types of memory limits: soft and hard. ECS requires that you define the limit for at least one type of memory. We recommend using the default setting (soft limit of 256 MiBs), as it's less restrictive, but you can adjust this setting as needed. 7. In the Environment variables section, go to Add individually and define ONEAGENT_INSTALLER_SCRIPT_URL depending on how you connect to Dynatrace:

  • For Dynatrace SaaS: https://<your-environment-id>.live.dynatrace.com/api/v1/deployment/installer/agent/unix/default/latest?arch=x86&flavor=default&Api-Token=<paas_token>
  • For ActiveGate: https://<your-active-gate-ip-or-hostname>:9999/e/<your-environment-id>/api/v1/deployment/installer/agent/unix/default/latest?arch=x86&flavor=default&Api-Token=<paas_token>

If you connect via an ActiveGate, you can skip the certificate check by adding the ONEAGENT_INSTALLER_SKIP_CERT_CHECK key with the value true. 8. Optional Add OneAgent installer parameters.

While still in Environment variables, you can customize your OneAgent installation by adding several OneAgent installer parameters in the command text box. Make sure to separate each parameter by a space. For example, --set-monitoring-mode=infra-only --set-app-log-content-access=false --set-network-zone=<your.network.zone>.

Set the --set-network-zone=<your.network.zone> parameter if you want to configure network zones. See network zones for more information. 9. Scroll down to Storage > Volume - 1 and set Source path to / 10. Go to Container mount points, select Add mount point and enter the following values:

* **Container**: `oneagent`
* **Source volume**: `oneagent`
* **Container path**: `/mnt/root`
  1. Select Create to save your task definition.
  2. In the Task definitions menu, select the newly created OneAgent task and then select Deploy > Create service. This will create a service to run your task.
  3. In Compute configuration, select Launch type and for Launch type select EC2.
  4. In Deployment configuration, perform the following actions:

    • Service name: Name the service.
    • Service type: Select Daemon.

    Leave the rest of the settings set as they are by default. Follow the remaining steps until you reach and select Create.

    Once the service is created, the associated tasks will be executed. The oneagent service creates a task to deploy OneAgent on each container instance of your cluster.

    You can see the container instances displayed on the ECS cluster dashboard, and the corresponding hosts in your Dynatrace monitoring environment.

    ECS hosts 15. After deploying OneAgent, restart the running application tasks to get service-level visibility.

Security implications

See Docker security implications for details.

Limitations

See Docker limitations for details.

Monitoring consumption

For Elastic Container Service, monitoring consumption is based on host units. See Application and Infrastructure Monitoring (Host Units) for details.


Source: k8s-dns-logs.md


title: Ingest Kubernetes DNS logs from AWS source: https://www.dynatrace.com/docs/ingest-from/amazon-web-services/integrate-into-aws/aws-eks/k8s-dns-logs scraped: 2026-02-17T05:02:57.002334


Ingest Kubernetes DNS logs from AWS

Ingest Kubernetes DNS logs from AWS

  • How-to guide
  • 5-min read
  • Published Mar 18, 2024

This page describes how to ingest Kubernetes-related DNS logs from AWS to Dynatrace with containers running in an Amazon Elastic Kubernetes Service (EKS) Cluster.

Kubernetes and domain name resolution

In EKS, service discovery and domain name resolution are both done via the CoreDNS add-on, which is a flexible, extensible DNS server that can serve as the Kubernetes cluster DNS.

When you launch an Amazon EKS cluster with at least one node, two replicas of the CoreDNS image are deployed by default, regardless of the number of nodes deployed in your cluster.

Read more about working with the CoreDNS Amazon EKS add-on.

CoreDNS

When a pod in an EKS cluster tries to resolve the domain name www.dynatrace.com, the request is first sent to the CoreDNS service. CoreDNS keeps a local registry of the registered services in the EKS cluster and a DNS cache, to provide faster responses to incoming DNS queries.

CoreDNS does not log DNS queries by default.

To enable DNS query logging in Kubernetes, you need to enable the log plugin in the CoreDNS configuration.

  1. Open your Kubernetes management console to view your existing CoreDNS ConfigMap, which includes the current Corefile. CoreDNS service is running under the kube-system namespace:

kubectl describe configmaps --namespace kube-system coredns
2. Copy the Corefile from the response to the respective coredns-config.yml section. The default Kubernetes ConfigMap looks something like this:

apiVersion: v1



kind: ConfigMap



metadata:



name: coredns



namespace: kube-system



data:



Corefile: |



.:53 {



errors



health



kubernetes cluster.local in-addr.arpa ip6.arpa {



pods insecure



fallthrough in-addr.arpa ip6.arpa



}



prometheus :9153



forward . /etc/resolv.conf



cache 30



loop



reload



loadbalance



}
3. To use the log plugin and start logging all the DNS queries to standard output, apply the following configuration:

. {



log



}
4. To activate the log plugin, add the corresponding line to the default Corefile in your coredns-config.yml file. Output when using the default ConfigMap should be similar to this:

apiVersion: v1



kind: ConfigMap



metadata:



name: coredns



namespace: kube-system



data:



Corefile: |



.:53 {



log



errors



health



kubernetes cluster.local in-addr.arpa ip6.arpa {



pods insecure



fallthrough in-addr.arpa ip6.arpa



}



prometheus :9153



forward . /etc/resolv.conf



cache 30



loop



reload



loadbalance



}
5. Apply the coredns-config.yml to your CoreDNS service in Kubernetes with the following command:

kubectl apply -f coredns-config.yml

As a result, the DNS query logs can now be seen in the CoreDNS pods' logs, which can now be either forwarded to Dynatrace or viewed in the AWS CloudShell environment with the command:

kubectl logs --namespace kube-system -f deployment/coredns --follow

Route53

If CoreDNS doesn’t have an answer for www.dynatrace.com in the registry, the DNS query is forwarded to the DNS server of the cluster Node. Usually, this is the AWS Route53 service, which is the default recursive DNS server in AWS.

Like CoreDNS, Route53 does not log DNS queries by default.

To configure Route53 to log DNS queries

  1. Open your AWS Management Console and go to the Route53 Dashboard page.
  2. From the left menu, go to Resolver > Query logging and select Configure query logging.
  3. Select CloudWatch Logs log group as your destination and choose a log group as the destination log group for your query logs.
  4. Add the VPCs that you want the queries to be logged for (for example, the VPC where your EKS nodes reside).
  5. Select Configure query logging to save your settings.

Read more about configuring logging for DNS queries.

DNS log content in EKS

Let's go through why you need both CoreDNS logs and Route53 logs with some log content.

  • In CoreDNS, the query logs are stored in the following format by default:
172.31.47.132:40395 - 23683 "A IN www.dynatrace.com. udp 35 false 512" NOERROR qr,rd,ra 278 0.002157881s

The log record contains:

  • the source IP address and port
  • an ID of the request
  • request type and class
  • query itself
  • some other details about the response, such as the response code, flags, and the size of the response

The fields can be configured to some extent.

Read more about the CoreDNS custom log format. * Route53 logs are stored in the following JSON structure:

{



"version":"1.100000","account_id":"<id>","region":"us-east-1","vpc_id":"vpc-<id>",



"query_timestamp":"2023-11-20T21:20:29Z","query_name":"www.dynatrace.com.","query_type":"A",



"query_class":"IN","rcode":"NOERROR","answers":[{"Rdata":"52.3.5.163","Type":"A","Class":"IN"}],



"srcaddr":"172.31.73.143","srcport":"51217","transport":"UDP","srcids":{"instance":"i-<id>"}



}

From the example above, we can see that Route53 logs contain far more details about the DNS query, including detailed content of the response data, which is needed for threat hunting. Note that we don’t have the pods' IP address in Route53 logs: we can only see that an EKS Node has tried to resolve this host. Therefore, if you want to pinpoint the exact pod that's creating malicious DNS traffic, Route53 logs would not be enough.

In CoreDNS logs we can find information about the request origin (pods' IP and source port), but the logs don't contain any information about the response payload.

To find an infected process that is getting its commands from an external server via DNS responses, threat hunting is required. To perform it precisely, we need to analyze both of those logs and correlate them as needed.

Stream logs to Dynatrace

The easiest way to ingest logs into Dynatrace is via Amazon Data Firehose integration.

To configure it in AWS CloudShell, perform the following actions:

# setting the environment in CLI



TARGET_URL=<your_environment_URL>



TARGET_API_TOKEN=dt0c01.*****



STACK_NAME=dynatrace-log-delivery-stream



wget -O dynatrace-firehose-log-stream.yaml https://assets.cloud.dynatrace.com/awslogstreaming/dynatrace-firehose-log-stream.yaml



aws cloudformation deploy --capabilities CAPABILITY_NAMED_IAM --template-file ./dynatrace-firehose-log-stream.yaml --stack-name $STACK_NAME --parameter-overrides DtApiUrl=$DYNATRACE_API_URL DtApiToken=$DYNATRACE_API_KEY

To configure CloudWatch Logs log groups to be forwarded to Dynatrace, use the following command, both for the EKS clusters' CloudWatch Logs log group and for the log group you’re storing the Route53 logs.

wget -O dynatrace-firehose-logs.sh https://assets.cloud.dynatrace.com/awslogstreaming/dynatrace-firehose-logs.sh && chmod +x dynatrace-firehose-logs.sh



./dynatrace-firehose-logs.sh subscribe --log-groups <log-group-name> --stack-name $STACK_NAME

To see your CloudWatch Logs log group in Dynatrace, use the following DQL script in your tenant.

fetch logs



| filter aws.log_group == "<log-group-name>"

Source: aws-eks.md


title: Amazon EKS (Elastic Kubernetes Service) source: https://www.dynatrace.com/docs/ingest-from/amazon-web-services/integrate-into-aws/aws-eks scraped: 2026-02-17T05:11:54.499205


Amazon EKS (Elastic Kubernetes Service)

Amazon EKS (Elastic Kubernetes Service)

  • How-to guide
  • 1-min read
  • Published May 04, 2020

Dynatrace OneAgent provides extensive monitoring of Elastic Kubernetes Service pods, nodes, and clusters. The OneAgent deployment process is consistent with other distributions. For more information, see What is Amazon EKS?.

For Amazon Elastic Kubernetes Service, monitoring consumption is based on host units. See Application and Infrastructure Monitoring (Host Units) for details.

Integration

Kubernetes


Source: aws-fargate.md


title: Monitor AWS Fargate source: https://www.dynatrace.com/docs/ingest-from/amazon-web-services/integrate-into-aws/aws-fargate scraped: 2026-02-17T04:49:18.057538


Monitor AWS Fargate

Monitor AWS Fargate

  • How-to guide
  • 1-min read
  • Updated on Oct 14, 2025

To deploy OneAgent on AWS Fargate, read the instructions provided below.

Prerequisites

Integrate OneAgent into your application image

There are three ways to integrate OneAgent with AWS Fargate applications.

Automatic injection EKS

With automatic injection you can manage upgrades and lifecycle.

Kubernetes version 1.20+

On AWS Fargate, only the applicationMonitoring deployment without the CSI driver is supported.

Before you start installation, make sure you have a running AWS Fargate cluster. For details, see Getting started with AWS Fargate using Amazon EKS.

  1. Add a Fargate profile to define the Dynatrace Operator deployment.

Be sure it matches the dynatrace namespace where Dynatrace Operator will be deployed. 2. Create a dynatrace namespace.

kubectl create namespace dynatrace
3. Install Dynatrace Operator.

kubectl apply -f https://github.com/Dynatrace/dynatrace-operator/releases/download/v1.8.1/kubernetes.yaml
4. Create the secret holding the API token for authentication to the Dynatrace cluster.

Be sure to replace <API_TOKEN> with your own value.

kubectl -n dynatrace create secret generic dynakube --from-literal="apiToken=<API_TOKEN>"
5. Download the preconfigured DynaKube custom resource sample file from GitHub. 6. Review the available parameters, and adapt the DynaKube custom resource according to your requirements. 7. Apply the DynaKube custom resource.

kubectl apply -f applicationMonitoring.yaml

Build-time injection EKS and ECS

With build-time injection you can embed OneAgent into your container image.

Docker multi-stage image builds

Classic integration

To use this option you need:

  • Docker version 17.05+
  • OneAgent version 1.155+

  • Sign in to Docker with your Dynatrace environment ID as username and PaaS token as password.

docker login -u <your-environment-id> <your-environment-url>
  • Replace <your-environment-url> with the URL or IP address of your environment or of your ActiveGate.

  • Dynatrace SaaS {your-environment-id}.live.dynatrace.com1

  • Dynatrace Managed {your-domain}/e/{your-environment-id}1

    1

    If you use your own environment ActiveGate, use the <ip-address>:9999 or <hostname>:9999 format. * Add two additional lines of code to the application image, after the last FROM command:

COPY --from=<your-environment-url>/linux/oneagent-codemodules:<technology> / /



ENV LD_PRELOAD /opt/dynatrace/oneagent/agent/lib64/liboneagentproc.so
  • Replace <technology> with the code module required for your application. Valid options are all, java, apache, nginx, nodejs, dotnet, php, python, sdk, and go. You can specify several code modules, separated by hyphen (-), for example java-go. Including specific technology-support options, rather than support for all technology options, results in a smaller OneAgent package.

What if my Docker image is based on Alpine Linux?

Dynatrace OneAgent supports Alpine Linux based environments. Use this syntax:

COPY --from=<your-activegate>/linux/oneagent-codemodules-musl:<technology> / /



ENV LD_PRELOAD /opt/dynatrace/oneagent/agent/lib64/liboneagentproc.so

Valid options here are all, go, java, apache, nginx, nodejs, and python.

  1. Build your application image.

Build the Docker image from your dockerfile to use it in your Kubernetes environment:

docker build -t yourapp .

You can monitor your application containers with a different Dynatrace environment. To do this, read the instructions below:

For OneAgent version 1.139+, if you have an existing application image where you've already added the OneAgent code modules for a specific Dynatrace environment, you can have the OneAgent report to another Dynatrace environment without rebuilding your application image.

For this you need to make a call to the REST endpoint of your second Dynatrace environment. Make sure to adapt the respective placeholders <your-environment-id> and <your-paas-token>.

curl "https://<your-environment-id>.live.dynatrace.com/api/v1/deployment/installer/agent/connectioninfo?Api-Token=<your-paas-token>"

In return, you get a JSON object that covers the required information that needs to be passed as an environment variable to the application container. Make sure you set the environment variables of the application container as described below:

  • DT_TENANT: equals tenantUUID
  • DT_TENANTTOKEN: equals tenantToken
  • DT_CONNECTION_POINT: semi-colon separated list of communicationEndpoints

To utilize distroless images (stripped-down versions of regular Docker images containing the only essentials required to run an application), OneAgent needs to be called in an executable form using the command instruction CMD, instead of ENTRYPOINT.

  1. Set the following environment variables.

  2. DT_API_URL="https://<your-environment-id>.live.dynatrace.com/api"

  3. DT_API_TOKEN="<your-paas-token>"
  4. ARCH="<x86|arm>"
  5. DT_ONEAGENT_OPTIONS="flavor=default&include=<technology1>&include=<technology2>"
  6. DT_HOME="/opt/dynatrace/oneagent"

Environment variables need to be set:

  • In your current Dockerfile, to integrate OneAgent and activate instrumentation of your application. Define variables with optional default values using ARG instructions. The code block below provides a template to set these environment variables.
  • In the runtime injection container.
ARG DT_API_URL="https://<your-environment-id>.live.dynatrace.com/api"



ARG DT_API_TOKEN="<your-paas-token>"



ARG ARCH="<x86|arm>"



ARG DT_ONEAGENT_OPTIONS="flavor=default&include=<technology1>&include=<technology2>"



ENV DT_HOME="/opt/dynatrace/oneagent"



RUN mkdir -p "$DT_HOME" && \



wget -O "$DT_HOME/oneagent.zip" "$DT_API_URL/v1/deployment/installer/agent/unix/paas/latest?arch=$ARCH&Api-Token=$DT_API_TOKEN&$DT_ONEAGENT_OPTIONS" && \



unzip -d "$DT_HOME" "$DT_HOME/oneagent.zip" && \



rm "$DT_HOME/oneagent.zip"



ENTRYPOINT [ "/opt/dynatrace/oneagent/dynatrace-agent64.sh" ]



CMD [ "executable", "param1", "param2" ] # the command of your application, for example, Java
  • The commands above that use wget and unzip might fail if they aren't provided by the base image.
  • Replace <your-paas-token> with your PaaS token.
  • DT_ONEAGENT_OPTIONS - this is the flavor (valid options are default or musl for Alpine images) and the technology (code module).

    • Syntax for default is flavor=default&include=all.
    • Syntax for musl is flavor=musl&include=all.

What if my Docker image is based on Alpine Linux?

Dynatrace OneAgent supports the flavor musl for Alpine Linux based environments. Valid options for flavor=musl are all, go, java, apache, nginx, and nodejs. 2. Build your application image.

Build the Docker image from your dockerfile to use it in your Kubernetes environment:

docker build -t yourapp .

You can monitor your application containers with a different Dynatrace environment. To do this, read the instructions below:

For OneAgent version 1.139+, if you have an existing application image where you've already added the OneAgent code modules for a specific Dynatrace environment, you can have the OneAgent report to another Dynatrace environment without rebuilding your application image.

For this you need to make a call to the REST endpoint of your second Dynatrace environment. Make sure to adapt the respective placeholders <your-environment-id> and <your-paas-token>.

curl "https://<your-environment-id>.live.dynatrace.com/api/v1/deployment/installer/agent/connectioninfo?Api-Token=<your-paas-token>"

In return, you get a JSON object that covers the required information that needs to be passed as an environment variable to the application container. Make sure you set the environment variables of the application container as described below:

  • DT_TENANT: equals tenantUUID
  • DT_TENANTTOKEN: equals tenantToken
  • DT_CONNECTION_POINT: semi-colon separated list of communicationEndpoints

Runtime injection ECS

With runtime injection you can pull OneAgent when the container starts. To install Dynatrace OneAgent at runtime, you must deploy your application using a task with two container definitions. One is for downloading and unzipping the OneAgent to a shared volume, the other is your application container, which must mount the same volume.

For the runtime injection, follow the steps below.

  1. Go to Fargate Task Definition > Create New Task Definition and select AWS Fargate in the Infrastructure requirements > Launch type section.
  2. Name the task, optionally set roles and sizes, and then scroll down to Storage - optional > Volumes and select Add volume. Add a volume of type Bind Mount named oneagent.

You must create a volume before creating container definitions in order to set the shared volume in each container. 3. Scroll to the bottom of Container - 1 and select Add container.

  • In the Container details subsection:

    • Add a container named install-oneagent
    • Set the image to Alpine version 3.8+ ("alpine:3")
    • select No in the Essential container field
    • In the Resource allocation limits - conditional subsection:

    • Select the CPU and memory limits.

There are two types of memory limits: soft and hard. ECS requires that you define the limit for at least one type of memory. We recommend using the default setting (soft limit of 128 MiBs), as it's less restrictive, but you can adjust it as needed. 4. In the Docker configuration - optional subsection:

  • In the Entry point field, enter /bin/sh,-c.
  • In the Command field, enter ARCHIVE=$(mktemp) && wget -O $ARCHIVE "$DT_API_URL/v1/deployment/installer/agent/unix/paas/latest?arch=$ARCH&Api-Token=$DT_PAAS_TOKEN&$DT_ONEAGENT_OPTIONS" && unzip -o -d /opt/dynatrace/oneagent $ARCHIVE && rm -f $ARCHIVE.
  • In the Environment variables subsection, define:

  • DT_API_URL - this is the API URL for your Dynatrace environment.

    • For SaaS: https://<your-environment-id>.live.dynatrace.com/api
    • For Managed: https://<cluster>/e/<your-environment-id>/api
    • For ActiveGate: https://<your-active-gate-IP-or-hostname>:9999/e/<your-environment-id>/api.
    • DT_ONEAGENT_OPTIONS- this is the flavor (valid options are default or musl for Alpine images) and the technology (code module).

    • Syntax for default is flavor=default&include=all.

    • Syntax for musl is flavor=musl&include=all.
    • DT_PAAS_TOKEN - this is your PaaS token to download the OneAgent code modules.
    • ARCH - CPU architecture.

    • for x86_64: x86

    • for arm64: arm

    Automatic architecture detection

    Use the following script to detect the CPU architecture on Linux.

    ARCH=$(uname -p);
    
    
    
    export ARCH;
    
    
    
    if [ "$ARCH" = "arm" ] || [ "$ARCH" = "arm64" ] || [ "$ARCH" = "aarch64" ]; then
    
    
    
    export ARCH="arm";
    
    
    
    else
    
    
    
    export ARCH="x86";
    
    
    
    fi
    
    6. Choose Add container again, this time to define your application, and complete the fields in the Standard subsection according to your application requirements. 7. Scroll to Environment, and in Environment variable, define LD_PRELOAD with the value /opt/dynatrace/oneagent/agent/lib64/liboneagentproc.so. 8. Scroll to Startup Dependency Ordering and enter the container name install-oneagent and the condition Complete. 9. Scroll to the Storage - optional section.

  • Create a new volume and name it oneagent

  • Create a mount point:

    • Select Add mount point
    • Select install-oneagent in the Container field
    • Select oneagent in the Source volume field
    • Set /opt/dynatrace/oneagent in the Container path
    • Select Create at the bottom of the screen to create your task definition and deploy it on your ECS cluster.

Check the Logs tab

  • For the install-oneagent container, you can see the code modules' ZIP file being downloaded by wget and being unzipped.
  • For your application workload container, you can see the code module being loaded by the process.

In Dynatrace, your Fargate application workload container will show up in the Hosts section. The instrumented process will show up in Processes as a typical Docker container.

Fargate

The runtime approach requires Fargate version 1.3+. For earlier versions, select the build-time approach.

Configure network zones Optional

You can configure network zones as an environment variable:

  • DT_NETWORK_ZONE: equals your.network.zone

See network zones for more information.

Monitoring consumption

For AWS Fargate, monitoring consumption is based on host units. To learn how host units are calculated for Dynatrace application and infrastructure monitoring, see Application and Infrastructure Monitoring (Host Units).

Troubleshoot


Source: deploy-oneagent-on-lambda-container-images.md


title: Integrate Dynatrace Lambda Layer on container images source: https://www.dynatrace.com/docs/ingest-from/amazon-web-services/integrate-into-aws/aws-lambda-integration/aws-lambda-classic/aws-lambda-extension/deploy-oneagent-on-lambda-container-images scraped: 2026-02-17T04:57:45.502012


Integrate Dynatrace Lambda Layer on container images

Integrate Dynatrace Lambda Layer on container images

  • How-to guide
  • 4-min read
  • Updated on Jan 22, 2026

As an addition to Lambda function deployment as a ZIP file, AWS Lambda offers Lambda function deployment as container images.

The container image must include the files and configuration required to run the function code. The same applies to the files and configuration of Dynatrace AWS Lambda Layer, once monitoring is enabled for the containerized Lambda function.

In a ZIP file function deployment, the Dynatrace artifacts are attached to the function with an AWS Lambda extension (which is a Lambda layer with an extension-specific folder layout).

A Lambda layer, like a function bundle, is a ZIP file extracted at function cold start time to the /opt folder of the AWS Lambda function instance.

See below for how to enable Dynatrace monitoring for a containerized Lambda function.

[Step 1

Configuration](/docs/ingest-from/amazon-web-services/integrate-into-aws/aws-lambda-integration/aws-lambda-classic/aws-lambda-extension/deploy-oneagent-on-lambda-container-images#configuration "Deploy Dynatrace Lambda Layers when deployed via a container image.")[Step 2

Copy the Lambda layer configuration snippet](/docs/ingest-from/amazon-web-services/integrate-into-aws/aws-lambda-integration/aws-lambda-classic/aws-lambda-extension/deploy-oneagent-on-lambda-container-images#copy-layer-snippet "Deploy Dynatrace Lambda Layers when deployed via a container image.")[Step 3

Add Dynatrace AWS Lambda extension to the container image](/docs/ingest-from/amazon-web-services/integrate-into-aws/aws-lambda-integration/aws-lambda-classic/aws-lambda-extension/deploy-oneagent-on-lambda-container-images#add-oneagent-extension "Deploy Dynatrace Lambda Layers when deployed via a container image.")

Step 1 Configuration

  1. Go to Trace Python, Node.js, and Java Lambda functions and follow the Configure with environment variables instructions.
  2. Open the projects Dockerfile in an editor and copy the environment variables from the deployment screen. Each line must be prefixed with ENV and spaces around the equal signs must be removed.
ENV AWS_LAMBDA_EXEC_WRAPPER=/opt/dynatrace



ENV DT_TENANT=abcd1234



ENV DT_CLUSTER_ID=1234567890



ENV DT_CONNECTION_BASE_URL=https://abcd1234.live.dynatrace.com



ENV DT_CONNECTION_AUTH_TOKEN=dt0a01...

Step 2 Copy the Lambda layer configuration snippet

  1. In Dynatrace Hub, select AWS Lambda.
  2. Select Set up.

  3. On the Enable Monitoring for AWS Lambda Functions, copy the Lambda layer configuration snippet.

Step 3 Add OneAgent extension to the container image

  1. To download the contents of the Dynatrace AWS Lambda extension to the local file system, use the following code sample for dt-awslayertool or AWS CLI.

Via dt-awslayertool

Via AWS CLI

To use the following code sample, substitute <YOUR_LAMBDA_LAYER_ARN_SNIPPET> with the copied Lambda layer snippet.

dt-awslayertool pull <YOUR_LAMBDA_LAYER_ARN_SNIPPET> --extract DynatraceOneAgentExtension

Example command

The following example command downloads the layer arn:aws:lambda:us-east-1:725887861453:layer:Dynatrace_OneAgent_1_207_6_20201127-103507_nodejs:1 and extracts its contents to the local folder DynatraceOneAgentExtension.

dt-awslayertool pull arn:aws:lambda:us-east-1:725887861453:layer:Dynatrace_OneAgent_1_207_6_20201127-103507_nodejs:1 --extract DynatraceOneAgentExtension

To learn more about dt-awslayertool, see Github.

To use the following code sample, substitute <YOUR_LAMBDA_LAYER_ARN_SNIPPET> with the copied Lambda layer snippet and <YOUR_LAMBDA_LAYER_REGION> with the Lambda layer region provided in the snippet.

curl $(aws --region <YOUR_LAMBDA_LAYER_REGION> lambda get-layer-version-by-arn --arn <YOUR_LAMBDA_LAYER_ARN_SNIPPET> --query 'Content.Location' --output text) --output layer.zip



unzip -d DynatraceOneAgentExtension layer.zip

Example command

The following code example downloads and extracts the content of arn:aws:lambda:us-east-1:725887861453:layer:Dynatrace_OneAgent_1_207_6_20201127-103507_nodejs:1 to the local folder DynatraceOneAgentExtension.

curl $(aws --region us-east-1 lambda get-layer-version-by-arn --arn arn:aws:lambda:us-east-1:725887861453:layer:Dynatrace_OneAgent_1_207_6_20201127-103507_nodejs:1 --query 'Content.Location' --output text) --output layer.zip



unzip -d DynatraceOneAgentExtension layer.zip

To learn more about AWS CLI, see AWS documentation. 2. To copy the downloaded extension content into the container image and ensure that the shell script file /opt/dynatrace is executable, use the following Dockerfile commands.

COPY DynatraceOneAgentExtension/ /opt/



RUN chmod +x /opt/dynatrace

Sample Dockerfile with Dynatrace AWS Lambda extension enabled

This sample project creates a containerized Node.js Lambda function.

The project folder has the following files and folders:

containerized-lambda-sample



├── Dockerfile



├── DynatraceOneAgentExtension



└── index.js

The content of the Dynatrace AWS Lambda Layer is assumed to be downloaded and extracted (as outlined above) to the folder DynatraceOneAgentExtension.

The handler function is exported by the index.js file:

exports.handler = async () => {



return "hello world";



}

The Dockerfile with the modifications applied to integrate Dynatrace AWS Lambda extension to the containerized function:

FROM public.ecr.aws/lambda/nodejs:18



COPY index.js ${LAMBDA_TASK_ROOT}



# --- Begin of enable Dynatrace OneAgent monitoring section



# environment variables copied from Dynatrace AWS Lambda deployment screen



# (prefix with ENV and remove spaces around equal signs)



ENV AWS_LAMBDA_EXEC_WRAPPER=/opt/dynatrace



ENV DT_TENANT=abcd1234



ENV DT_CLUSTER_ID=1234567890



ENV DT_CONNECTION_BASE_URL=https://abcd1234.live.dynatrace.com



ENV DT_CONNECTION_AUTH_TOKEN=dt0a01...



# copy Dynatrace OneAgent extension download and extracted to local disk into container image



COPY DynatraceOneAgentExtension/ /opt/



# make /opt/dynatrace shell script executable



RUN chmod +x /opt/dynatrace



# --- End of enable Dynatrace OneAgent monitoring section



CMD [ "index.handler" ]

Limitations

Monitoring via Dynatrace AWS Lambda extension on container images is supported only for images created from an AWS base image for Lambda and only for the runtimes that we support for non-containerized functions.

Additional resources

For more information on the Lambda container images, see:


Source: troubleshoot-lambda.md


title: Validate integration source: https://www.dynatrace.com/docs/ingest-from/amazon-web-services/integrate-into-aws/aws-lambda-integration/aws-lambda-classic/aws-lambda-extension/troubleshoot-lambda scraped: 2026-02-16T21:29:38.308045


Validate integration

Validate integration

  • Troubleshooting
  • 1-min read
  • Published Aug 30, 2021

This topic is about the classic AWS Lambda integration. Check out Trace Lambda functions for the latest experience.

To address the issues regarding Dynatrace AWS Lambda extension integration, start with the logs and error messages.

Logs

To get extensive log output on Lambda, add the variables below.

  • For Node.js

DT_LOGGING_DESTINATION: stdout



DT_LOGGING_NODEJS_FLAGS: Exporter=true,LambdaSensor=true
* For Python

DT_LOGGING_DESTINATION: stdout



DT_LOGGING_PYTHON_FLAGS: dynatrace=True
* For Java

DT_LOGGING_DESTINATION: stdout



DT_LOGGING_JAVA_FLAGS: log-Transformer=true,log-OpenTelemetryUtils=true,log-AsyncClassRetransformer=true,log-ClassValue=true

logOpenTelemetryUtils=true is required for use-inmemory-exporter (for debugging span-related problems).

Error messages

  • WARNING […] Unexpectedly got HTTP response with Content-Length (...)

This error message is displayed if you don't have port 9999 enabled for your ActiveGate. Go to AWS PrivateLink and VPC endpoints and set up a VPC that allows outbound communication on port 9999 to the ActiveGate endpoint.

OpenTelemetry interoperability

Python

OneAgent will not enable OpenTelemetry interoperability when it detects that the installed OpenTelemetry API version is incompatible. In this case, a line similar to the following is logged:

[Dynatrace] 2022-07-27 08:55:01.852 UTC [9-dfaf4836] INFO    [dynatrace.inject.agent] opentelemetry-api version (1.10.0) is not compatible with Dynatrace SDK (1.9.1).

It is possible to override the compatibility check via configuration. For instance, when you configure OneAgent using the environment variables, add:

DT_OPEN_TELEMETRY_OVERRIDE_MAX_API_VERSION=1.11.1

to allow OpenTelemetry APIs up to version 1.11.1.

Overriding the version compatibility check might result in runtime errors and should be used with caution. You should verify if these errors still occur if an officially supported version of the OpenTelemetry API is used or when temporarily disabling the OpenTelemetry interoperability. If this resolves the problem, please use the older OpenTelemetry API until the newer version is officially supported.


Source: aws-lambda-extension.md


title: Trace Python, Node.js, and Java Lambda functions source: https://www.dynatrace.com/docs/ingest-from/amazon-web-services/integrate-into-aws/aws-lambda-integration/aws-lambda-classic/aws-lambda-extension scraped: 2026-02-17T04:56:01.793338


Trace Python, Node.js, and Java Lambda functions

Trace Python, Node.js, and Java Lambda functions

  • How-to guide
  • 14-min read
  • Updated on Jan 23, 2026

This page refers to the classic AWS Lambda integration. For the latest version, see Trace Lambda functions.

Dynatrace provides you with a dedicated AWS Lambda layer that contains the Dynatrace extension for AWS Lambda. You need to add the publicly available layer for your runtime and region to your function. Then, based on your configuration method, Dynatrace provides a template or configuration for your AWS Lambda function.

Incoming invocations

Dynatrace can monitor incoming invocations only if they are invoked via:

  • AWS SDK Lambda Invoke API
  • API gateway
  • Lambda function URL
  • AWS SQS
  • AWS SNS

For other invocation types, OneAgent can't capture any specific information or connect the trace to any parent. Invocations via the AWS SDK require the client to be instrumented with Dynatrace to connect the trace.

Prerequisites

  • A supported AWS Lambda runtime. The Dynatrace extension supports AWS Lambda functions written in Node.js, Python, or Java. Both 64-bit ARM (AWS Graviton2 processors) and 64-bit x86 architectures are supported.
  • Java The following RAM requirements need to be met:

  • If Lambda SnapStart is enabled and OneAgent version is 1.267+, memory needs to be set to a minimum of 512 MB.

  • If Lambda SnapStart is not enabled and OneAgent version is 1.265 or earlier, memory needs to be set to a minimum of 1,500 MB. To configure memory in the AWS Lambda console, go to General > Basic settings and set Memory.

A new configuration of the memory size affects the amount of virtual CPU available to the function; to learn more about it, see Monitoring overhead below.

  • Note that the RAM requirements for Node.js and Python Lambda functions might be significantly lower. The compute power in AWS Lambda scales with the allocated memory, and with low memory settings the function execution time becomes much slower.
  • Activate the Forward Tag 4 trace context extension OneAgent feature. Go to Settings > Preferences > OneAgent features.

[Step 1

Enable AWS Lambda](/docs/ingest-from/amazon-web-services/integrate-into-aws/aws-lambda-integration/aws-lambda-classic/aws-lambda-extension#activate-aws-lambda "Monitor Lambda functions written in Python, Node.js, and Java.")[Step 2

Choose a configuration method](/docs/ingest-from/amazon-web-services/integrate-into-aws/aws-lambda-integration/aws-lambda-classic/aws-lambda-extension#lambda-cfg-method "Monitor Lambda functions written in Python, Node.js, and Java.")[Step 3 optional

Specify a Dynatrace API endpoint](/docs/ingest-from/amazon-web-services/integrate-into-aws/aws-lambda-integration/aws-lambda-classic/aws-lambda-extension#lambda-cfg-endpoint "Monitor Lambda functions written in Python, Node.js, and Java.")[Step 4 optional

Enable Real User Monitoring](/docs/ingest-from/amazon-web-services/integrate-into-aws/aws-lambda-integration/aws-lambda-classic/aws-lambda-extension#lambda-cfg-rum "Monitor Lambda functions written in Python, Node.js, and Java.")[Step 5

Define an AWS layer name](/docs/ingest-from/amazon-web-services/integrate-into-aws/aws-lambda-integration/aws-lambda-classic/aws-lambda-extension#lambda-cfg-layer "Monitor Lambda functions written in Python, Node.js, and Java.")[Step 6 optional

Deployment](/docs/ingest-from/amazon-web-services/integrate-into-aws/aws-lambda-integration/aws-lambda-classic/aws-lambda-extension#deployment "Monitor Lambda functions written in Python, Node.js, and Java.")[Step 7

Configuration options](/docs/ingest-from/amazon-web-services/integrate-into-aws/aws-lambda-integration/aws-lambda-classic/aws-lambda-extension#config-options "Monitor Lambda functions written in Python, Node.js, and Java.")[Step 8

Dynatrace AWS integration](/docs/ingest-from/amazon-web-services/integrate-into-aws/aws-lambda-integration/aws-lambda-classic/aws-lambda-extension#aws-integration "Monitor Lambda functions written in Python, Node.js, and Java.")

Step 1 Enable AWS Lambda

To get started

  1. In Dynatrace Hub, select AWS Lambda.
  2. Select Set up.

  3. Follow the instructions to enable monitoring of AWS Lambda functions.

Step 2 Choose a configuration method

Dynatrace OneAgent is distributed as a Lambda layer that can be enabled and configured manually or using well-known Infrastructure as Code (IaC) solutions. The Lambda layer is stored in the Dynatrace AWS account 725887861453.

On the Enable Monitoring for AWS Lambda Functions page, use the How will you configure your AWS Lambda functions? list to select your preferred method, and then make sure you set all properties for the selected method before copying the generated configuration snippets.

Configure with JSON file

If you select this method, Dynatrace provides you with:

  • An environment variable to add to your AWS Lambda function
  • A JSON snippet that you need to copy into the dtconfig.json file in the root folder of your Lambda deployment
  • Lambda layer ARN

When using this method, make sure that you add the Dynatrace Lambda layer to your function. You can do this through the AWS console (Add layer > Specify an ARN and paste the ARN displayed on the deployment page) or by using an automated solution of your choice.

Enter environment variables via the AWS Console

Lambda environment variables cropped

Enter the Lambda layer ARN via the AWS Console

Specify a layer by providing the ARN

Configure with environment variables

When using this method, make sure that you add the Dynatrace Lambda layer to your function. The layer, as well as the environment variables, can be set either manually through the AWS console (Add layer > Specify an ARN and paste the ARN displayed on the deployment page) or by using an automated solution of your choice.

Client-side decryption of environment variables (Security in Transit) is not supported.

If you select this method, Dynatrace provides you with:

  • Values to define environment variables for the AWS Lambda functions that you want to monitor

Lambda environment variables * Lambda layer ARN

Specify a layer by providing the ARN

Configure and deploy using Terraform

Terraform is a popular Infrastructure as Code (IaC) solution. If you select this method, Dynatrace provides you with:

  • A template to define the AWS Lambda function. This includes all the configuration that you need to deploy and configure the Dynatrace AWS Lambda extension together with your functions.
  • Lambda layer ARN

Configure and deploy using AWS SAM

The AWS Serverless Application Model (SAM) is an open-source framework for building serverless applications.

If you select this method, Dynatrace provides you with a template to define the AWS Lambda function. This includes all the configuration that you need to integrate the Dynatrace AWS Lambda extension.

Configure and deploy using the serverless framework

The Serverless Application option is a framework for deploying serverless stacks.

If you select this method, Dynatrace provides you with a template to define the AWS Lambda function. This includes all the configuration that you need to integrate the Dynatrace AWS Lambda extension.

Configure and deploy using AWS CloudFormation

AWS CloudFormation is an IaC solution that enables provisioning of a wide range of AWS services.

If you select this method, Dynatrace provides you with a template to define the AWS Lambda function. This includes all the configuration that you need to integrate the Dynatrace AWS Lambda extension.

Step 3 optional Specify a Dynatrace API endpoint Optional

This is an optional step that enables you to specify a Dynatrace API endpoint to which monitoring data will be sent.

The typical scenario is to deploy a Dynatrace ActiveGate in close proximity (the same region) to the Lambda functions that you want to monitor in order to reduce network latency, which can impact the execution and cold start time of your Lambda functions for, usually, one network request by OneAgent per Lambda invocation (which happens at the end of the invocation). See the Monitoring overhead section for typical overhead numbers.

Step 4 optional Enable Real User Monitoring Optional

This is an optional step to use Real User Monitoring (RUM), which provides you with deep insights into user actions and performance via the browser or in mobile apps.

Configure AWS

  • Make sure the x-dtc header is allowed in the CORS settings of your monitored Lambda functions.

RUM for Lambda functions requires a specific header (x-dtc) to be sent with XHR calls to AWS. To enable it, the CORS settings of your AWS deployment must allow the x-dtc header during preflight (OPTIONS) requests. To configure CORS and allow the x-dtc header for your specific setup, see Enable CORS on a resource using the API Gateway console in AWS documentation.

Configure Dynatrace

To configure the x-dtc header for calls to your Lambda functions

  1. Go to Web, Mobile, Frontend, or Custom Applications, depending on your application type.
  2. Select the application you want to connect with your Lambda function.
  3. Select the browse menu (…) in the upper-right corner and select Edit.
  4. Select Capturing > Async web requests and SPAs.
  5. Make sure that your framework of choice is enabled. If your framework is not listed, enable Capture XmlHttpRequest (XHR) for generic support of XHR.
  6. Select Capturing > Advanced setup.
  7. Scroll down to the Enable Real User Monitoring for cross-origin XHR calls section and enter a pattern that matches the URL to your Lambda functions. Example: TheAwsUniqueId.execute-api.us-east-1.amazonaws.com
  8. Select Save. After a few minutes, the header will be attached to all calls to your Lambda function and requests from your browser will be linked to the backend.

Failed requests

If requests start failing after enabling this option, review your CORS settings. To learn how to configure CORS, see Enable CORS on a resource using the API Gateway console in AWS documentation.

Service Flow for AWS Lambda function

Step 5 Define an AWS layer name

Select the AWS region and the runtime of the Lambda function to be monitored. These settings are required to provide the correct layer ARN.

Step 6 Deployment

Copy the configuration snippets into your deployment and use your deployment method of choice to enable the layer and set the configuration for your Lambda functions.

Step 7 Configuration options

Configure the AWS API Gateway

  • If inbound (non-XHR) requests to your Lambda functions are not connected to the calling application, configure the API Gateway to pass through the Dynatrace tag. To do this, enable Use Lambda Proxy Integration on the Integration Request configuration page of the API Gateway.
  • If the API Gateway is configured from the Lambda configuration page, this setting will be enabled by default. For more information, see Enable CORS on a resource using the API Gateway console.

AWS Lambda also supports non-proxy integration, which—without some additional configuration—prevents Dynatrace from

  • Tracing calls from other monitored applications
  • RUM detection (web and mobile)

Node.jsPython To make tracing calls from other monitored applications/RUM detection work in this scenario, create a custom mapping template in the integration requests configuration.

  1. In the AWS API Gateway Console, go to Resources and select a request method (for example, GET).
  2. Select Mapping Templates and then select Add mapping template.
  3. Add the following content to the template:
{



"path": "$context.path",



"httpMethod": "$context.httpMethod",



"headers": {



#foreach($param in ["x-dynatrace", "traceparent", "tracestate", "x-dtc", "referer", "host", "x-forwarded-proto", "x-forwarded-for", "x-forwarded-port"])



"$param": "$util.escapeJavaScript($input.params().header.get($param))"



#if($foreach.hasNext),#end



#end    },



"requestContext": {



"stage": "$context.stage"



}



}

The x-dtc header is specific to tracing RUM scenarios, whereas the remaining headers are generally needed to link traces together and extract relevant information, such as web request metadata. 4. Select Save to save your configuration. 5. Redeploy your API.

Fetch token from AWS Secrets Manager

OneAgent version 1.295+

Instead of specifying the authentication token explicitly in the configuration, you can configure OneAgent to fetch a token stored in AWS Secrets Manager.

Prerequisites

  • Make sure you granted the secretsmanager:GetSecretValue permission for the authentication token secret ARN to the Lambda function monitored by OneAgent. For details, see Authentication and access control for AWS Secrets Manager in the AWS Secrets Manager documentation.
  • Make sure the secret value contains only the plaintext authentication token value (without quotes). Note that

  • Secrets with JSON structure are not supported. For details, see Create an AWS Secrets Manager secret in the AWS Secrets Manager documentation.

  • When you retrieve the secret value, Secrets Manager returns by default only the current secret version (AWSCURRENT label). For details, see What's in a Secrets Manager secret? in the AWS Secrets Manager documentation.

To fetch the token for a tracing connection, set the token secret ARN either to the environment variable DT_CONNECTION_AUTH_TOKEN_SECRETS_MANAGER_ARN or the JSON property Connection.AuthTokenSecretsManagerArn.

This option always overrides DT_CONNECTION_AUTH_TOKEN (Connection.AuthToken). If the fetch fails, OneAgent won't be able to export trace data.

A fetch accesses AWS Secrets Manager only once, during the Lambda function's initialization phase; this causes an increase of the Lambda function's cold start duration.

The Node.js and Python layers use the AWS SDK version provided by the AWS Lambda runtime to access the secret.

To fetch the token for log collection, set another fetch.

Filter cold starts

One of the important metrics for Lambda is the frequency of cold starts. A cold start happens when a new instance of a Lambda function is invoked. Such cold starts take longer and add latency to your requests.

A high cold-start frequency can indicate errors or an uneven load pattern that can be mitigated using provisioned concurrency. Dynatrace reports such cold starts as a property on the distributed trace.

To analyze cold starts, select View all requests on the Lambda service details page.

Service details page for AWS Lambda function

In the request filter, select Function cold start in the Request property section.

This displays a page that you can filter by invocations containing Only cold start or No cold start.

Screen to filter by invocations containing a Only cold start or No cold start

Monitoring overhead

Enabling monitoring unavoidably induces overhead to the monitored function execution. Overhead depends on several factors, such as function runtime technology, configuration, and concrete function characteristics such as code size or execution duration and complexity.

The amount of memory configured for a function directly impacts the compute resources assigned to the function instance. For more details, see Memory and computing power.

The worst-case scenario on measured overhead is a function with an empty function handler and minimum memory configuration.

Cold start overhead

  • For Python, cold start overhead is about 1,000 ms.
  • For Node.js, cold start overhead is about 700 ms.
  • For Java, cold start overhead may exceed 1,000 ms.

For the cold start benchmarking process, hello-world functions (only returning a response) were tested with 512 MB of allocated memory. It is important to note that the observed overhead may vary based on a few factors:

  • Configured memory: A Lambda function is allocated CPU proportional to the memory configured which can influence its cold start performance. Functions with higher memory allocations typically exhibit faster initialization times due to the increased CPU allocation.
  • Function implementation: The complexity of the actual function implementation—including external dependencies, initialization logic, and the runtime environment—can significantly impact the cold start duration.
  • Runtime version: The specific runtime version or container image used can also influence cold start times.

When conducting performance evaluations, we recommend considering these factors, as they may affect the benchmarking results in real-world scenarios.

For the minimum memory configuration requirement, see Requirement for Java Lambda functions.

Response time latency

Latency depends on the function implementation, but is typically less than 10%. This means that the time it takes until the caller of a Lambda function receives a response might increase by 10% when the OneAgent layer is added, compared to when OneAgent is not active/present.

Code space overhead

The following table contains uncompressed layer sizes.

Runtime Code space (MB) Code space with log collector included (MB)
Node.js ~1MB ~16MB
Python ~3MB ~18MB
Java ~5MB ~20MB

Step 8 Dynatrace AWS integration

While not mandatory, we recommend that you set up Dynatrace Amazon CloudWatch integration. This allows data ingested via AWS integration to be seamlessly combined with the data collected by the Dynatrace AWS Lambda extension.

AWS Lambda metrics Invocations

Known limitations

  • The Dynatrace AWS Lambda extension does not support the capture of method-level request attributes.
  • Most Dynatrace AWS Lambda extensions don't capture IP addresses of outgoing HTTP requests. This results in unmonitored hosts if the called service isn't monitored with Dynatrace.
  • Getting auth token from AWS Secrets Manager is not supported if Lambda SnapStart is enabled.
  • Outgoing requests to another AWS Lambda function: In a monitored AWS Lambda function, the following libraries are supported for outgoing requests to another AWS Lambda function:

  • For Java: AWS SDK version 1 for Java

  • For Node.js: AWS SDK for JavaScript in Node.js:

    • version 2
    • version 3 (OneAgent version 1.263+)
    • For Python: AWS SDK for Python (Boto3)
    • Outgoing HTTP requests: In a monitored AWS Lambda function, the following libraries/HTTP clients are supported for outgoing HTTP requests:
  • For Java: Apache HTTP Client 3.x, 4.x

  • For Node.js:

    • Built-in http.request
    • Built-in fetch API (OneAgent version 1.285+)
    • For Python: requests, aiohttp-client, urllib3, redis-py (OneAgent version 1.289+)
    • Additional requirements for incoming calls for Java only: To correctly monitor the configured handler method
  • The configured handler class has to implement the handler method by itself. If the handler method is only defined in a base class, you have to add an override in the handler class, calling the base handler method within (usually super.handleRequest(...)).

  • The handler method has to have a Context (com.amazonaws.services.lambda.runtime.Context) parameter.
  • We recommend following best practice by deriving your Lambda handler class from com.amazonaws.services.lambda.runtime.RequestHandler overrriding handleRequest and configuring that as handler method. However, as long as the previous requirements are fulfilled, OneAgent supports any valid handler function, even if not derived from that base interface.
  • The AWS Lambda events library must be used by your function as the types defined in the com.amazonaws.services.lambda.runtime.events package are used by OneAgent to match the corresponding invocation types for incoming calls.
  • Node.js sensors and instrumentations for ES modules:

  • The Node.js AWS Lambda extension sensors (instrumentations) don't support ECMAScript modules. This means that the extension won't properly monitor outgoing calls (for example, HTTP or AWS SDK requests).

  • OpenTelemetry instrumentations don't support ECMAScript modules by default.

    There is a way to make OpenTelemetry instrumentations work with ECMAScript modules, but it's experimental and has some limitations. For details, Instrumentation for ES Modules In NodeJS (experimental). * AWS Lambda Managed Instances deployment mode is not supported. This new hosting option allows deploying Lambda functions on AWS-managed EC2 instance clusters. The Dynatrace Lambda extension and code module layers currently do not support this deployment mode.


Source: aws-lambda-otel-integration.md


title: Trace .NET Lambda functions source: https://www.dynatrace.com/docs/ingest-from/amazon-web-services/integrate-into-aws/aws-lambda-integration/aws-lambda-classic/aws-lambda-otel-integration scraped: 2026-02-17T04:56:07.098288


Trace .NET Lambda functions

Trace .NET Lambda functions

  • How-to guide
  • 9-min read
  • Updated on Aug 24, 2023

Dynatrace uses OpenTelemetry to monitor AWS Lambda invocations.

Prerequisites

Ensure that you use a supported AWS Lambda runtime and that you have followed the initial configuration steps described in Monitor AWS Lambda with OpenTelemetry before using the packages below.

The following NuGet packages can be used to cover different aspects of AWS Lambda tracing:

  • Recommended OpenTelemetry.Instrumentation.AWSLambda version 1.2.0-beta.1+—contains methods to trace incoming AWS Lambda invocations, such as calls triggered by AWS SQS/SNS messages.
  • Recommended OpenTelemetry.Instrumentation.AWS version 1.1.0-beta.1+—traces outgoing AWS SDK calls to other AWS Lambda invocations and calls to AWS services, such as DynamoDB, SQS, and SNS.
  • Required Dynatrace.OpenTelemetry.Instrumentation.AwsLambda—enables linking through outgoing AWS Lambda Invoke SDK calls from one Lambda to another. This is the only way to link these kinds of requests; however, if you don't need such linking or don't use the AWS Lambda client SDK to invoke or receive other Lambda invocations, you can replace the package with Dynatrace.OpenTelemetry.

Installation

Any of the above-listed packages can be installed via the CLI. For example, Dynatrace.OpenTelemetry.Instrumentation.AwsLambda can be installed using the following command:

dotnet add package Dynatrace.OpenTelemetry.Instrumentation.AwsLambda

Some packages may require you to specify a version explicitly or use the --prerelease command line flag, such as dotnet add package --prerelease OpenTelemetry.Instrumentation.AWSLambda.

Compatibility with OpenTelemetry and System.Diagnostics.DiagnosticSource versions

Periodically, we need to upgrade the minimum version of the OpenTelemetry NuGet package our components depend on, and consequently, the minimum version of the System.Diagnostics.DiagnosticSource library. This table lists the compatibility between Dynatrace.OpenTelemetry, OpenTelemetry, and System.Diagnostics.DiagnosticSource versions.

Dynatrace.OpenTelemetry version Minimum OpenTelemetry version Minimum System.Diagnostics.DiagnosticSource version
1.273 and earlier 1.1.0 5.0.1
1.275+ 1.3.1 6.0.0

You don't usually need to worry about these dependencies as they're defined for you in our NuGet package. This means that when you upgrade Dynatrace.OpenTelemetry, NuGet might implicitly upgrade your OpenTelemetry or System.Diagnostics.DiagnosticSource version if you are currently on an earlier one.

Initialization

The initialization code for AWS Lambda tracing in your Function.cs file could look as follows (where Function is the configured Lambda handler class):

using System.Threading.Tasks;



using Amazon.Lambda.Core;



using Dynatrace.OpenTelemetry;



using Dynatrace.OpenTelemetry.Instrumentation.AwsLambda;



using OpenTelemetry;



using OpenTelemetry.Instrumentation.AWSLambda;



using OpenTelemetry.Trace;



[assembly: LambdaSerializer(typeof(Amazon.Lambda.Serialization.SystemTextJson.DefaultLambdaJsonSerializer))]



namespace Examples.AwsFunctionApp



{



public class Function



{



private static readonly TracerProvider TracerProvider;



static Function()



{



DynatraceSetup.InitializeLogging();



TracerProvider = Sdk.CreateTracerProviderBuilder()



.AddDynatrace()



// Configures AWS Lambda invocations tracing



.AddAWSLambdaConfigurations(c => c.DisableAwsXRayContextExtraction = true)



// Instrumentation for creation of span (Activity) representing AWS SDK call.



// Can be omitted if there are no outgoing AWS SDK calls to other AWS Lambdas and/or calls to AWS services like DynamoDB and SQS.



.AddAWSInstrumentation(c => c.SuppressDownstreamInstrumentation = true)



// Adds injection of Dynatrace-specific context information in certain SDK calls (e.g. Lambda Invoke).



// This is required if there are outgoing calls to other Lambdas or DynamoDB using AWS SDK clients.



.AddDynatraceAwsSdkInjection()



.Build();



}



}



}
  • Setting the option DisableAwsXRayContextExtraction to true is required to skip Amazon X-Ray parent extraction, which may conflict with the Dynatrace propagation.
  • If the option SuppressDownstreamInstrumentation is set to true, HTTP child nodes will not be shown under AWS SDK calls.

Tracing incoming AWS Lambda calls

Example 1: Trace an AWS Lambda invoked via AWS SDK

In addition to the initialization part provided above, the handler method of a Lambda invoked via AWS SDK could look as follows:

using System.Threading.Tasks;



using Amazon.Lambda.Core;



using Dynatrace.OpenTelemetry;



using Dynatrace.OpenTelemetry.Instrumentation.AwsLambda;



using OpenTelemetry;



using OpenTelemetry.Instrumentation.AWSLambda;



using OpenTelemetry.Trace;



[assembly: LambdaSerializer(typeof(Amazon.Lambda.Serialization.SystemTextJson.DefaultLambdaJsonSerializer))]



namespace Examples.AwsFunctionApp



{



public class Function



{



private static readonly TracerProvider TracerProvider;



// Use initialization code from the "Initialization" section of the docs



public Task FunctionHandlerAsync(object input, ILambdaContext context)



{



var propagationContext = AwsLambdaHelpers.ExtractPropagationContext(context);



return AWSLambdaWrapper.TraceAsync(TracerProvider, FunctionHandlerInternalAsync, input, context, propagationContext.ActivityContext);



}



private Task FunctionHandlerInternalAsync(object input, ILambdaContext context)



{



// This is just an example of function handler and should be replaced by actual code.



return Task.CompletedTask;



}



}



}
  • A parent context is extracted explicitly using the AwsLambdaHelpers class from the Dynatrace.OpenTelemetry.Instrumentation.AwsLambda package.
  • An activity tracing the incoming request and the handler is created by the TraceAsync method.
  • TraceAsync should be used when you trace an async function or a function returning a task. That way, the activity ends only when the task completes.

Example 2: Trace an AWS Lambda invoked via Amazon API Gateway (incoming HTTP request)

In addition to the initialization part provided above, the Lambda handler invoked via Amazon API Gateway could look as follows:

using Amazon.Lambda.APIGatewayEvents;



using Amazon.Lambda.Core;



using Dynatrace.OpenTelemetry;



using Dynatrace.OpenTelemetry.Instrumentation.AwsLambda;



using OpenTelemetry;



using OpenTelemetry.Instrumentation.AWSLambda;



using OpenTelemetry.Trace;



[assembly: LambdaSerializer(typeof(Amazon.Lambda.Serialization.SystemTextJson.DefaultLambdaJsonSerializer))]



namespace Examples.AwsFunctionApp



{



public class Function



{



private static readonly TracerProvider TracerProvider;



// Use initialization code from the "Initialization" section of the docs



public APIGatewayHttpApiV2ProxyResponse FunctionHandler(APIGatewayHttpApiV2ProxyRequest request, ILambdaContext context)



{



return AWSLambdaWrapper.Trace(TracerProvider, FunctionHandlerInternal, request, context);



}



private APIGatewayHttpApiV2ProxyResponse FunctionHandlerInternal(APIGatewayHttpApiV2ProxyRequest request, ILambdaContext context)



{



// This is just an example of function handler and should be replaced by actual code.



return new APIGatewayHttpApiV2ProxyResponse



{



StatusCode = 200,



Body = "Example function result",



};



}



}



}
  • A parent context is extracted from the incoming request in the Trace (or TraceAsync) method.
  • An activity tracing the incoming request and the handler is created by the Trace method.
  • In general, the Trace/TraceAsync methods support any trigger, but extended support is available for the APIGatewayProxyRequest and APIGatewayHttpApiV2ProxyRequest trigger types. For more details about request/response types, consult the GitHub documentation.
  • Trace should only be used when you have a function returning something other than a Task. For the asynchronous handler, TraceAsync should be used instead.

Example 3: Tracing without the AwsLambda package

If you prefer not to use the OpenTelemetry.Instrumentation.AWSLambda package, you can manually create an activity for Lambda. Note that this involves quite a bit of work, as Dynatrace requires certain activity tags (span attributes) to detect the service (conforming to the OpenTelemetry FaaS trace conventions and resource conventions). You also need to manually extract the parent context.

For this example, only the Dynatrace.OpenTelemetry.Instrumentation.AwsLambda package is required.

using System;



using System.Collections.Generic;



using System.Diagnostics;



using System.Reflection;



using Amazon.Lambda.APIGatewayEvents;



using Amazon.Lambda.Core;



using Dynatrace.OpenTelemetry;



using Dynatrace.OpenTelemetry.Instrumentation.AwsLambda;



using OpenTelemetry;



using OpenTelemetry.Context.Propagation;



using OpenTelemetry.Trace;



[assembly: LambdaSerializer(typeof(Amazon.Lambda.Serialization.SystemTextJson.DefaultLambdaJsonSerializer))]



namespace Examples.AwsFunctionApp



{



public class Function



{



private static readonly TracerProvider TracerProvider;



private static readonly ActivitySource ActivitySource;



static Function()



{



DynatraceSetup.InitializeLogging();



var activitySourceName = Assembly.GetExecutingAssembly().GetName().Name;



ActivitySource = new ActivitySource(activitySourceName);



TracerProvider = Sdk.CreateTracerProviderBuilder()



.AddSource(activitySourceName)



.AddDynatrace()



.Build();



}



public static IEnumerable<KeyValuePair<string, object>> GetFunctionTags(ILambdaContext context, string trigger)



{



return new KeyValuePair<string, object>[]



{



new("faas.name", context.FunctionName),



new("faas.id", context.InvokedFunctionArn),



new("faas.trigger", trigger),



new("cloud.platform", "aws_lambda"),



new("cloud.provider", "aws"),



new("cloud.region", Environment.GetEnvironmentVariable("AWS_REGION")),



};



}



public APIGatewayProxyResponse FunctionHandler(APIGatewayHttpApiV2ProxyRequest apiGatewayProxyEvent, ILambdaContext context)



{



try



{



var parentContext = ExtractParentContext(apiGatewayProxyEvent, context);



using var activity = ActivitySource.StartActivity(ActivityKind.Server, parentContext, GetFunctionTags(context, "http"));



return new APIGatewayProxyResponse



{



StatusCode = 200,



Body = "Example function result",



};



}



catch (Exception ex)



{



context.Logger.LogLine($"Exception occurred while handling request: {ex.Message}");



throw;



}



finally



{



TracerProvider?.ForceFlush();



}



}



private static ActivityContext ExtractParentContext(APIGatewayHttpApiV2ProxyRequest apiGatewayProxyEvent, ILambdaContext context)



{



var propagationContext = AwsLambdaHelpers.ExtractPropagationContext(context);



if (propagationContext == default)



{



propagationContext = Propagators.DefaultTextMapPropagator.Extract(default, apiGatewayProxyEvent, HeaderValuesGetter);



}



return propagationContext.ActivityContext;



}



private static IEnumerable<string> HeaderValuesGetter(APIGatewayHttpApiV2ProxyRequest apiGatewayProxyEvent, string name) =>



(apiGatewayProxyEvent.Headers != null && apiGatewayProxyEvent.Headers.TryGetValue(name.ToLowerInvariant(), out var value)) ? new[] { value } : null;



}



}

Tracing AWS SDK calls

You can use open-source instrumentation NuGet packages to trace Amazon DynamoDB calls using client like AmazonDynamoDBClient or SQS and SNS calls using clients like AmazonSQSClientor AmazonSimpleNotificationServiceClient.

To set up tracing of AWS SDK calls,

  1. Make sure that the following packages are added to your project:

  2. OpenTelemetry.Instrumentation.AWSLambda

  3. OpenTelemetry.Instrumentation.AWS

To learn more about the packages, see Prerequisites. 2. After you add packages to your project, add the following initialization code:

using Dynatrace.OpenTelemetry;



using OpenTelemetry;



using OpenTelemetry.Trace;



namespace Examples.AwsFunctionApp



{



public class Function



{



private static readonly TracerProvider TracerProvider;



static Function()



{



DynatraceSetup.InitializeLogging();



TracerProvider = Sdk.CreateTracerProviderBuilder()



.AddDynatrace()



.AddAWSLambdaConfigurations(c =>



{



c.DisableAwsXRayContextExtraction = true;



c.SetParentFromBatch = true;



})



// Instrumentation used for tracing outgoing calls to AWS services via AWS SDK (including Amazon DynamoDB, SQS/SNS).



// Can be omitted if no outgoing AWS SDK calls expected.



.AddAWSInstrumentation(c => c.SuppressDownstreamInstrumentation = true)



.Build();



}



}



}

Values description

  • SuppressDownstreamInstrumentation
    When set to true, HTTP child nodes will not be shown under AWS SDK calls.
  • SQS SetParentFromBatch

    It controls whether the parent Activity should be set when a potentially batched event is received where multiple parents would be available (e.g. SQS). When set to true the parent is set using one of the received messages. Else, the parent is not set. In both cases, links will be created. * DisableAwsXRayContextExtraction
    We reccomend to set it to true to skip Amazon X-Ray parent extraction and avoid conflicts with the Dynatrace propagation.

Tracing of Amazon DynamoDB operations

To trace Amazon DynamoDB calls, set up AWS SDK instrumentation, ensure you have at least version 1.327.0 of Dynatrace.OpenTelemetry.Instrumentation.AwsLambda and add call .AddDynatraceAwsSdkInjection() to your initialization code. Dynatrace.OpenTelemetry.Instrumentation.AwsLambda and add call .AddDynatraceAwsSdkInjection() to your initialization code.

In the following example, the DynamoDB operations DescribeTable, UpdateItem, and GetItem are represented as separate span child nodes with a common parent outbound-aws-dotnet in eu-central-1 (Lambda function performing DynamoDB operations):

AWS Lambda .NET DynamoDB spans

Tracing of outgoing SQS/SNS messages

To trace outgoing SQS/SNS messages, set up AWS SDK instrumentation. No additional code is required.

Tracing of incoming SQS/SNS messages

To trace incoming SQS/SNS messages,

  1. Set up AWS SDK instrumentation.
  2. Wrap the function handler into one of the tracing methods of the AWSLambdaWrapper class:
using Amazon.Lambda.Core;



using Amazon.Lambda.SQSEvents;



using Dynatrace.OpenTelemetry;



using OpenTelemetry;



using OpenTelemetry.Instrumentation.AWSLambda;



using OpenTelemetry.Trace;



using System.Threading.Tasks;



namespace Examples.AwsFunctionApp



{



public class Function



{



private static readonly TracerProvider TracerProvider;



static Function()



{



// See "Set up tracing for AWS SDK calls" section above.



}



public Task Handler(SQSEvent sqsEvent, ILambdaContext context) =>



AWSLambdaWrapper.TraceAsync(tracerProvider, HandlerInternal, sqsEvent, context);



private Task HandlerInternal(SQSEvent sqsEvent, ILambdaContext context)



{



// This is just an example of async function handler and it should be replaced by actual code.



return Task.CompletedTask;



}



}



}

Special considerations for HttpClient instrumentation

Because with AWS Lambda the function execution environment might be suspended at any time after the function handler execution, the span export might be interrupted or delayed (for example, in some cases, the span might not be exported at all) and outgoing HTTP requests will typically appear only with the next function invocation.

However, outgoing HTTP request activities related to AWS Runtime API might be captured by OpenTelemetry HttpClient instrumentation in the current function invocation, even if unexpected. To avoid unexpected outgoing HTTP requests in the current function invocation, we recommend configuring the following filter when initializing the HttpClient instrumentation.

var tracerProvider = Sdk.CreateTracerProviderBuilder()



// Initialization code similar to previous examples...



.AddHttpClientInstrumentation(op =>



{



op.FilterHttpRequestMessage = req => Activity.Current?.Parent?.IsAllDataRequested ?? false;



})



.Build();

Support of .NET Lambda functions with container images

Starting from .NET 6, Lambda functions can be built and deployed as container images. Initialization and tracing for Managed .NET runtime apply to container image functions without any changes.


Source: lambda-otel-bridge-java.md


title: OpenTelemetry interoperability in Java source: https://www.dynatrace.com/docs/ingest-from/amazon-web-services/integrate-into-aws/aws-lambda-integration/aws-lambda-classic/opentelemetry-interoperability/lambda-otel-bridge-java scraped: 2026-02-17T04:56:23.764102


OpenTelemetry interoperability in Java

OpenTelemetry interoperability in Java

  • Reference
  • 7-min read
  • Updated on Sep 19, 2024

OneAgent version 1.225+

OpenTelemetry interoperability connects the Dynatrace AWS Lambda extension to the OpenTelemetry Java API to use the instrumentation packages and extensions. You can then monitor technologies like databases or messaging frameworks that aren't supported by Dynatrace AWS Lambda extension out of the box.

Before you start

Ensure that OpenTelemetry interoperability is enabled.

Use OpenTelemetry Java instrumentation

OpenTelemetry for Java provides several instrumentation packages in their OpenTelemetry Java instrumentation repository that can be used in combination with the Dynatrace AWS Lambda extension for additional visibility into certain technologies.

Example: Instrument AWS SDK for Java to monitor a DynamoDB database

Dynatrace version 1.277+ The following example shows how the OpenTelemetry AWS SDK instrumentation packages can be used to monitor calls to a DynamoDB database.

Depending on the AWS SDK version you use, add one of the following packages to your package manager configuration (for example, Maven or Gradle).

AWS SDK version

Package to add

Notes

v1

opentelemetry-aws-sdk-1.11-autoconfigure

Experimental span attributes must be enabled via system property (otel.instrumentation.aws-sdk.experimental-span-attributes=true) or environment variable (OTEL_INSTRUMENTATION_AWS_SDK_EXPERIMENTAL_SPAN_ATTRIBUTES=true).

v2

opentelemetry-aws-sdk-2.2-autoconfigure

Once the package has been added as a dependency, instrumentation is automatically added to capture requests to DynamoDB.

For the instrumentation to capture an item, query the item from DynamoDB using the AWS SDK, as in the code example below.

import java.util.Map;



import com.amazonaws.services.lambda.runtime.Context;



import com.amazonaws.services.lambda.runtime.RequestHandler;



import com.amazonaws.services.lambda.runtime.events.APIGatewayV2HTTPEvent;



import com.amazonaws.services.lambda.runtime.events.APIGatewayV2HTTPResponse;



import software.amazon.awssdk.services.dynamodb.DynamoDbClient;



import software.amazon.awssdk.services.dynamodb.model.AttributeValue;



import software.amazon.awssdk.services.dynamodb.model.GetItemRequest;



public class SimpleDynamoDBSample implements RequestHandler<APIGatewayV2HTTPEvent, APIGatewayV2HTTPResponse> {



public APIGatewayV2HTTPResponse handleRequest(APIGatewayV2HTTPEvent input, Context context) {



GetItemRequest request = GetItemRequest.builder()



.key(Map.of("mykey", AttributeValue.fromN("42")))



.tableName("MyTable")



.build();



try (DynamoDbClient dynamoDbClient = DynamoDbClient.builder().build()) {



dynamoDbClient.getItem(request);



} catch (Exception e) {



return APIGatewayV2HTTPResponse.builder().withBody("error!").withStatusCode(500).build();



}



return APIGatewayV2HTTPResponse.builder().withBody("success!").withStatusCode(200).build();



}



}

After running the code example above, you'll see the DynamoDB database and individual requests in the related database service.

DynamoDB service screen.

Use OpenTelemetry Java API

OpenTelemetry Java can be used in an SDK-like approach to trace additional operations that aren't covered by Dynatrace out of the box.

@Override



public String handleRequest(Object input, Context context) {



Tracer tracer = GlobalOpenTelemetry.getTracer("instrumentation-library-name", "1.0.0");



Span span = tracer.spanBuilder("do some work").startSpan();



try {



span.setAttribute("foo", "bar");



// ....



return "Hello from OpenTelemetry Java!";



} finally {



span.end();



}



}

The Dynatrace AWS Lambda extension captures only spans created via tracers from GlobalOpenTelemetry and might not work if you try to manually (re)configure GlobalOpenTelemetry.

Trace AWS SQS messages with Java

OneAgent version 1.267+

You can use open-source instrumentation packages to trace AWS SQS and SNS messages and collect them via the Dynatrace AWS Lambda extension.

[Step 1

Install the required dependencies](#dependencies-java)[Step 2

Send an SQS/SNS message](#send-message-java)[Step 3

Receive an SQS/SNS message](#receive-message-java)

Step 1 Install the required dependencies

To enable automatic instrumentation of SQS messages, make sure you have installed the following.

  1. AWS SDK version 2.2+ for sending the messages.

You can use the v1 and v2 SDK in the same Lambda function if you need version v1 in your function. 2. io.opentelemetry.instrumentation:opentelemetry-aws-sdk-2.2-autoconfigure version 1.27+ added as a runtime-only dependency.

The full set of dependencies used in the examples, in Gradle format, is as follows.

dependencies {



// Instrumentation for SQS dependencies



implementation(platform('io.opentelemetry.instrumentation:opentelemetry-instrumentation-bom-alpha:1.27.0-alpha'))



runtimeOnly('io.opentelemetry.instrumentation:opentelemetry-aws-sdk-2.2-autoconfigure')



// Only needed if you want to trace messages from batches separately



implementation('io.opentelemetry:opentelemetry-api') // (Version taken from otel-instrumentation BOM)



// Dependencies for the AWS SDK itself -- you should already have this in your Lambda if you send SQS messages



implementation(platform('software.amazon.awssdk:bom:2.20.85'))



implementation('software.amazon.awssdk:sqs') // Uses version from above BOM



// Basic AWS Lambda dependencies -- you should already have this in your Lambda



implementation('com.amazonaws:aws-lambda-java-events:3.6.0') // SQSEvent input, etc



implementation('com.amazonaws:aws-lambda-java-core:1.2.1') // RequestHandler interface, etc



}

Step 2 Send an SQS message

The example below shows a Lambda handler that sends a SQS message.

package com.dynatrace.example.lambda;



import com.amazonaws.services.lambda.runtime.Context;



import com.amazonaws.services.lambda.runtime.RequestHandler;



import software.amazon.awssdk.services.sqs.SqsClient;



import software.amazon.awssdk.services.sqs.model.SendMessageResponse;



public class MessageSender implements RequestHandler<Object, Void> {



private static final SqsClient client = SqsClient.create();



@Override



public Void handleRequest(Object input, Context context) {



final SendMessageResponse resp = client.sendMessage(builder -> builder



.queueUrl("[your SQS-queue URL]")



.messageBody("[your payload]")



);



System.out.printf("Sent message with ID %s (send request ID %s)%n",



resp.messageId(),



resp.responseMetadata().requestId());



return null;



}



}

Note that no extra code is required for tracing because the runtimeOnly dependency added in the first step automatically installs a handler that creates a span behind the scenes in the sendMessage call using the OpenTelemetry API, and OneAgent picks up that span automatically.

Additionally, you need to enable the OneAgent OpenTelemetry integration and set the environment variable OTEL_INSTRUMENTATION_AWS_SDK_EXPERIMENTAL_USE_PROPAGATOR_FOR_MESSAGING to true in your Lambda function's configuration.

Step 3 Receive an SQS/SNS message

Receiving messages works out of the box when you use an AWS Lambda with an SQS trigger monitored with the Dynatrace AWS Lambda extension.

Because a span can have only a single parent, if your Lambda function receives a batch of multiple messages, you need to manually create spans to process each message if you want to track them separately and have them linked to the sender.

  • If that is enough for you, or you have a maximum batch size of one configured, or you send messages only rarely, no additional code or configuration is required.
  • If you want to gain more insights into a batch scenario with multiple messages, you first need to apply some configuration to allow you to override the parent span.

To configure the Dynatrace AWS Lambda extension to allow setting parent spans manually:

  • For the environment variables configuration method, set the DT_OPEN_TELEMETRY_ALLOW_EXPLICIT_PARENT environment variable to true:

    DT_OPEN_TELEMETRY_ALLOW_EXPLICIT_PARENT=true
    
    + For the JSON file configuration method, in dtconfig.json, set the following field to true:

    {
    
    
    
    ...other configuration properties...
    
    
    
    "OpenTelemetry": {
    
    
    
    "AllowExplicitParent": "true"
    
    
    
    }
    
    
    
    }
    

Then new spans can be created with the parent span extracted from each received SQS message.

The following code processes messages one by one and links them to the sender as a parent span.

package com.dynatrace.example.lambda;



import java.util.Map;



import com.amazonaws.services.lambda.runtime.Context;



import com.amazonaws.services.lambda.runtime.RequestHandler;



import com.amazonaws.services.lambda.runtime.events.SQSEvent;



import io.opentelemetry.api.GlobalOpenTelemetry;



import io.opentelemetry.api.trace.Span;



import io.opentelemetry.api.trace.Tracer;



import io.opentelemetry.context.Scope;



import io.opentelemetry.context.propagation.TextMapGetter;



public class MessageIngress implements RequestHandler<SQSEvent, Void> {



private static final Tracer tracer = GlobalOpenTelemetry.getTracer("message-ingress-app");



@Override



public Void handleRequest(SQSEvent input, Context context) {



for (SQSEvent.SQSMessage message: input.getRecords()) {



Span span = tracer



.spanBuilder(message.getEventSource() + " process")



.setSpanKind(SpanKind.CONSUMER) // MUST be either CONSUMER or SERVER



.setParent(GlobalOpenTelemetry



.getPropagators()



.getTextMapPropagator()



.extract(



io.opentelemetry.context.Context.current(),



message.getMessageAttributes(),



SqsMessageRecordGetter.INSTANCE))



.startSpan();



try (Scope ignored = span.makeCurrent()) {



handleMessage(message);



} catch (Throwable e) {



span.recordException(e);



throw e;



} finally {



span.end();



}



}



return null;



}



private void handleMessage(SQSEvent.SQSMessage message) {



// This is where your actual handling code would go



System.out.printf("Handling message with ID %s...%n", message.getMessageId());



}



private enum SqsMessageRecordGetter implements TextMapGetter<Map<String, SQSEvent.MessageAttribute>> {



INSTANCE;



@Override



public Iterable<String> keys(Map<String, SQSEvent.MessageAttribute> carrier) {



return carrier.keySet();



}



@Override



public String get(Map<String, SQSEvent.MessageAttribute> carrier, String key) {



if (carrier == null) {



return null;



}



SQSEvent.MessageAttribute messageAttribute = carrier.get(key);



return messageAttribute == null ? null : messageAttribute.getStringValue();



}



}



}

This code requires a dependency on the OpenTelemetry Java API and enabling the OpenTelemetry integration in OneAgent as explained above in Use OpenTelemetry Java API.

When you deploy the two Lambda functions, add OneAgent, create an SQS queue that the MessageSender sends to, and add a trigger to MessageIngress to receive from that queue, and then invoke the MessageSender function (for example, using the default test event), you should get a distributed trace that looks something like this:

Screenshot of a single Distributed Trace showing an AWS Lambda that sends a SQS message and another one that receives it, along with a manually created process span

You may wonder why both the receiving function and the processing span are direct children of the Sqs.SendMessage span instead of the processing span being a child of the receiving lambda function.

This structure is required to be prepared for batch receives. When you send multiple messages to the queue quickly, your receiver can process a batch of up to 10 messages at once. In this case, there are multiple sender spans from different traces, and the trace structure implemented in the sample code ensures that each process span is linked to the Sqs.SendMessage span of the respective message. Because a span can have only a single parent, the receiving Lambda invoke span can be a child of only one (random) sender.


Source: lambda-otel-bridge-nodejs.md


title: OpenTelemetry interoperability in Node.js source: https://www.dynatrace.com/docs/ingest-from/amazon-web-services/integrate-into-aws/aws-lambda-integration/aws-lambda-classic/opentelemetry-interoperability/lambda-otel-bridge-nodejs scraped: 2026-02-17T05:02:15.904731


OpenTelemetry interoperability in Node.js

OpenTelemetry interoperability in Node.js

  • How-to guide
  • 9-min read
  • Updated on Jun 20, 2024

OneAgent version 1.229+

OpenTelemetry interoperability connects the Dynatrace AWS Lambda extension to the OpenTelemetry Node.js instrumentation to use the instrumentation packages and extensions. You can then monitor technologies like databases or messaging frameworks that aren't supported by Dynatrace AWS Lambda extension out of the box.

Before you start

  • Ensure that OpenTelemetry interoperability is enabled.
  • Verify that the installed JavaScript OpenTelemetry API is compatible with the Dynatrace AWS Lambda extension. The following table lists the compatible versions:
OneAgent version Maximum OpenTelemetry API version
1.229+ 1.0.x
1.241+ 1.1.x
1.257+ 1.2.x
1.259+ 1.3.x
1.261+ 1.4.x
1.279+ 1.6.x
1.283+ 1.7.x
1.289+ 1.8.x
1.297+ 1.9.x

Use OpenTelemetry Node.js instrumentation

When using an OpenTelemetry Node.js instrumentation, the configuration of all necessary OpenTelemetry SDK components and the registration of a TracerProvider are automatically handled by the Dynatrace AWS Lambda extension, so you don't need to register another TracerProvider.

Instrumentation packages for JavaScript can be found in the OpenTelemetry JavaScript contributions repository. Note that

Example: Instrument calls in your Node.js Lambda function via instrumentation package

The following code example shows how to instrument PostgreSQL calls in your Node.js Lambda function by using the opentelemetry-instrumentation-pg instrumentation package.

const { registerInstrumentations } = require('@opentelemetry/instrumentation');



const { PgInstrumentation } = require('@opentelemetry/instrumentation-pg');



// You must create the PgInstrumentation (and other instrumentations)



// before loading any corresponding modules, such as `require('pg')`.



registerInstrumentations({



instrumentations: [



new PgInstrumentation(),



],



});



const { Client } = require('pg');



exports.handler = async function myHandler(event, context) {



let client;



try {



client = new Client(/* DB connection information */);



await client.connect();



const result = await client.query('SELECT * FROM users;');



return result.rows;



} finally {



client?.end();



}



}

To instrument the AWS SDK for JavaScript, OpenTelemetry provides the opentelemetry/instrumentation-aws-sdk instrumentation package.

Example: Instrument AWS SDK for JavaScript to monitor a DynamoDB database

The following code example shows how the opentelemetry/instrumentation-aws-sdk instrumentation package can be used to add observability for calls to a DynamoDB database (Dynatrace version 1.244+).

const AWS = require('aws-sdk');



const { registerInstrumentations } = require('@opentelemetry/instrumentation');



const { AwsInstrumentation } = require('@opentelemetry/instrumentation-aws-sdk');



registerInstrumentations({



instrumentations: [



new AwsInstrumentation()



]



});



exports.handler = function(event, context) {



const ddb = new AWS.DynamoDB();



const dbParamsGetDelete = {



TableName: 'E2E_test_table',



Key: {



'svnr': { N: '1234'}



}



};



ddb.getItem(dbParamsGetDelete, function(err, data) {



if (err) {



console.error('Error', err);



} else {



console.log('Success', data.Item);



}



});



};

After running the above code snippet, the DynamoDB service page looks as follows.

DynamoDB service screen.

Use OpenTelemetry Node.js API

OpenTelemetry JavaScript can be used in an SDK-like approach to trace additional operations that aren't covered by an instrumentation package.

const opentelemetry = require('@opentelemetry/api');



const tracer = opentelemetry.trace.getTracer('my-package-name');



exports.handler = function(event, context) {



// create a span using the OTel API



const span = tracer.startSpan('do some work');



span.setAttribute('foo', 'bar');



span.end();



// ...



const response = {



statusCode: 200,



body: JSON.stringify('Hello from Node.js'),



};



return response;



};

Trace AWS SQS and SNS messages with Node.js

OneAgent version 1.253+ for SQS OneAgent version 1.257+ for SNS

You can use @opentelemetry/instrumentation-aws-sdk package to trace AWS SQS and SNS messages and collect the traces via Dynatrace AWS Lambda extension.

[Step 1

Install the required dependencies](#dependencies-node)[Step 2

Set up tracing](#set-up-tracing-node)[Step 3

Send an SQS/SNS message](#sqs-message-node)[Step 4

Receive an SQS/SNS message](#receive-message-node)

Step 1 Install the required dependencies

npm install @opentelemetry/api @opentelemetry/instrumentation-aws-sdk @opentelemetry/instrumentation aws-sdk

Step 2 Set up tracing

Use the following code to set up tracing for sending SQS messages to an SQS queue from a Dynatrace-monitored Node.js application:

const { AwsInstrumentation } = require('@opentelemetry/instrumentation-aws-sdk');



const { registerInstrumentations } = require('@opentelemetry/instrumentation');



// The instrumentation must be registered before importing the aws-sdk module!



registerInstrumentations({



instrumentations: [



new AwsInstrumentation()



]



});



// You can now import the aws-sdk module if needed:



const AWS = require('aws-sdk');

Step 3 Send an SQS/SNS message

  • Via Node.js HTTP server:

When you make a request to the HTTP server, a message is sent to an SQS queue or SNS topic. If you send a message before the trace root span exists, make sure to create the trace root span manually. For details on the span manual creation with OpenTelemetry, see Use OneAgent with OpenTelemetry data.

Example

In this code example, a trace root span for the incoming HTTP request is created by the tracer.

const http = require("http");



const AWS = require('aws-sdk');



const sqs = new AWS.SQS();



const sns = new AWS.SNS();



const server = http.createServer((req, res) => {



const messageSendCallback = function (err, message) {



if (err) {



console.log("failed to send a message: " + err);



res.writeHead(500);



res.end("failure");



} else {



console.log("Success", message.MessageId);



res.writeHead(200);



res.end("success");



}



}



if (req.url === "/send-sqs-message") {



const params = {



DelaySeconds: 10,



MessageBody: "[your payload]",



QueueUrl: "[your SQS-queue URL]"



};



sqs.sendMessage(params, messageSendCallback);



} else if (req.url === "/send-sns-message") {



const params = {



Message: "[your payload]",



TopicArn: "[your SNS-topic ARN]"



};



sns.publish(params, messageSendCallback);



} else {



res.writeHead(404);



res.end("not found");



}



});



server.on("close", () => { console.log("Closing server") });



server.listen(8004, () => {



console.log("server started!");



});

A request to the /send-sqs-message path should produce traces as shown below.

SQS PurePath example with OneAgent

The second node in the distributed trace named sqs-minimal-sample-nodejs-receiver-trigger send represents the sent SQS message and is generated by the aws-sdk instrumentation.

Because aws-sdk package uses HTTP requests to send SQS messages, there is a call to Requests to public networks, which are captured by the OneAgent HTTP instrumentation. The call invoke comes from the AWS Lambda function subscribed to the SQS queue, which is monitored by the Dynatrace AWS Lambda extension. * Via AWS Lambda function

You can send an SQS or SNS message from an AWS Lambda function monitored by the Dynatrace AWS Lambda extension.

SQS

SNS

const AWS = require('aws-sdk');



exports.handler = function (event, context, callback) {



const sqs = new AWS.SQS();



const params = {



DelaySeconds: 10,



MessageBody: "[your payload]",



QueueUrl: "[your SQS-queue URL]"



};



sqs.sendMessage(params, function (err, data) {



if (err) {



context.succeed({



statusCode: 500,



body: err,



});



} else {



console.log("SQS-Success", data.MessageId);



context.succeed({



statusCode: 200,



body: "SQS-Success",



});



}



});



}

The resulting distributed trace is similar to the Node.js application example:

PurePath example for sqs tracing between two lambda functions

const AWS = require('aws-sdk');



exports.handler = function (event, context, callback) {



const sns = new AWS.SNS();



const params = {



Message: "[your payload]",



TopicArn: "[your SNS-topic ARN]"



};



sns.publish(params, function (err, data) {



if (err) {



context.succeed({



statusCode: 500,



body: err,



});



} else {



console.log("SNS-Success", data.MessageId);



context.succeed({



statusCode: 200,



body: "SNS-Success",



});



}



});



}

Step 3 Receive an SQS/SNS message

SQS

SNS

You can trace SQS messages forwarded from

  • An SQS topic

The Dynatrace AWS Lambda extension automatically extracts the parent and creates a Lambda span when an AWS Lambda function is triggered by AWS SQS. However, when a batch of multiple messages is received, only the last message is considered and used for parent propagation. To propagate parents from the batch of multiple incoming messages you can, for example, manually create spans with the parent from each message.

To configure the Dynatrace AWS Lambda extension to allow setting parent spans manually:

  • For the environment variables configuration method, set the DT_OPEN_TELEMETRY_ALLOW_EXPLICIT_PARENT environment variable to true:

    DT_OPEN_TELEMETRY_ALLOW_EXPLICIT_PARENT=true
    
    + For the JSON file configuration method, in dtconfig.json, set the following field to true:

    {
    
    
    
    ...other configuration properties...
    
    
    
    "OpenTelemetry": {
    
    
    
    "AllowExplicitParent": "true"
    
    
    
    }
    
    
    
    }
    

Then new spans can be created with the parent span extracted from each received SQS message.

Example: Receive a batch of multiple messages

const { propagation, ROOT_CONTEXT, trace, SpanKind } = require("@opentelemetry/api");



const { MessagingOperationValues, SemanticAttributes } = require("@opentelemetry/semantic-conventions");



const AWS = require("aws-sdk");



const queueUrl = "[sqs queue url]";



const tracer = trace.getTracer("my-receiver");



exports.handler = async (event) => {



const sqs = new AWS.SQS();



await new Promise((resolve, reject) => {



const receiveParams = {



MaxNumberOfMessages: 10,



QueueUrl: queueUrl,



// MessageAttributeNames not needed if @opentelemetry/instrumentation-aws-sdk is used



MessageAttributeNames: propagation.fields()



};



sqs.receiveMessage(receiveParams, function (err, data) {



if (err) {



console.log("ERROR: ", err);



reject(err);



} else if (data.Messages?.length) {



data.Messages.forEach((msg) => {



console.log("message received:", msg.MessageId)



// manual span creation



const ctx = extractParent(msg, /*fromSnsPayload=*/ false);



const spanAttributes = {



[SemanticAttributes.MESSAGING_MESSAGE_ID]: msg.MessageId,



[SemanticAttributes.MESSAGING_URL]: queueUrl,



[SemanticAttributes.MESSAGING_SYSTEM]: "aws.sqs",



[SemanticAttributes.MESSAGING_OPERATION]: MessagingOperationValues.PROCESS,



};



const span = tracer.startSpan("received message", { kind: SpanKind.CONSUMER, attributes: spanAttributes }, ctx);



// ... Here your actual processing would go...



span.end();



const deleteParams = {



QueueUrl: queueUrl,



ReceiptHandle: msg.ReceiptHandle



};



sqs.deleteMessage(deleteParams, function (err, data) {



if (err) {



console.log("Delete Error", err);



} else {



console.log("Message Deleted", data);



}



});



});



}



resolve();



});



});



};



function extractParent(msg, fromSnsPayload=false) {



let valueKey = "StringValue"



if (fromSnsPayload) {



valueKey = "Value";



try {



msg = JSON.parse(msg.Body)



} catch {



msg = {}



}



}



const carrier = {};



Object.keys(msg.MessageAttributes || {}).forEach((attrKey) => {



carrier[attrKey] = msg.MessageAttributes[attrKey]?.[valueKey];



});



return propagation.extract(ROOT_CONTEXT, carrier)



};

In the example above, aws-sdk is used to subscribe and receive messages from an SQS queue. For each incoming message, the parent span is extracted from the message attributes, and a new received message span with the extracted parent is created. If your SQS queue is subscribed to an SNS topic, the example above might need to be adapted. For details, see Tracing SQS messages forwarded from an SNS topic.

The resulting distributed trace with two messages sent to a queue looks as below.

PurePath example for manually created SQS receive messages * An SNS topic

For SNS messages that are forwarded to SQS, the message format depends on the raw message delivery configuration on the SNS subscription.

Raw message delivery

Message format

Example

Enabled

The SNS message attributes are converted to SQS message attributes and the parent can be directly extracted from the MessageAttributes of the SQS message.

Disabled

The SNS message and its MessageAttributes are delivered as a serialized JSON string in the body of the received SQS message. To correctly link the receive span, the parent needs to be extracted from the MessageAttributes of the serialized SNS message.

  • Receive a batch of multiple messages Additional configuration is required for this example. When calling the extractParent method, set the value of the fromSnsPayload parameter to true.

AWS Lambda functions that are triggered by SNS are supported out of the box when monitored with the Dynatrace AWS Lambda extension.

SNS topics can be configured via a subscription to forward messages to an SQS queue. Messages in the SQS queue can then be consumed by a Lambda function. Tracing the received messages in the SQS-triggered AWS Lambda function works out of the box when AWS Lambda is monitored with the Dynatrace AWS Lambda extension. However, the tracer can only select a single parent, and if your Lambda function receives batches of multiple messages, special handling is required to track each message separately.

For details, see how to receive an SQS message.


Source: lambda-otel-bridge-python.md


title: OpenTelemetry interoperability in Python source: https://www.dynatrace.com/docs/ingest-from/amazon-web-services/integrate-into-aws/aws-lambda-integration/aws-lambda-classic/opentelemetry-interoperability/lambda-otel-bridge-python scraped: 2026-02-17T04:59:07.619958


OpenTelemetry interoperability in Python

OpenTelemetry interoperability in Python

  • How-to guide
  • 10-min read
  • Updated on Jan 16, 2026

OpenTelemetry interoperability connects the Dynatrace AWS Lambda extension to the OpenTelemetry Python instrumentation to use the instrumentation packages and extensions. You can then monitor technologies like databases or messaging frameworks that aren't supported by Dynatrace AWS Lambda extension out of the box.

Before you start

  • Ensure that OpenTelemetry interoperability is enabled.
  • Verify that the installed OpenTelemetry Python API version is compatible with the Dynatrace AWS Lambda extension. The following tables list the compatible versions:
OneAgent version Maximum OpenTelemetry API version
1.329+ 1.38.x
1.323+ 1.36.x
1.321+ 1.35.x

Older versions

OneAgent version Maximum OpenTelemetry API version
1.319+ 1.34.x
1.315+ 1.32.x
1.313+ 1.31.x
1.311+ 1.30.x
1.307+ 1.29.x
1.303+ 1.27.x
1.299+ 1.26.x
1.295+ 1.25.x
1.291+ 1.24.x
1.285+ 1.22.x
1.281+ 1.21.x
1.277+ 1.20.x
1.273+ 1.19.x
1.269+ 1.18.x
1.265+ 1.17.x
1.259+ 1.15.x
1.257+ 1.14.x
1.253+ 1.13.x
1.249+ 1.12.x
1.243+ 1.11.x
1.239+ 1.9.x
1.235+ 1.8.x
1.233+ 1.7.x

Use OpenTelemetry Python instrumentation

OpenTelemetry for Python provides several instrumentation packages in their OpenTelemetry Python contributions repository.

Example: Instrument package in a Python Lambda function via instrumentation package

The following code example shows how to instrument PostgreSQL queries in a Python Lambda function by using the aiopg instrumentation package.

import json



import aiopg



from opentelemetry.instrumentation.aiopg import AiopgInstrumentor



AiopgInstrumentor().instrument()



def lambda_handler(event, context):



return {



'statusCode': 200,



'body': json.dumps(execute_query())



}



def execute_query():



result = []



with aiopg.connect(database='my_db') as conn:



with conn.cursor() as cur:



cur.execute("SELECT 'hello db';")



for row in cur:



result.append(row)



return result

To instrument boto3, the AWS SDK for Python, OpenTelemetry provides the botocore instrumentation package.

Example: Instrument AWS SDK for Python to monitor a DynamoDB database

The code example below shows how the botocore instrumentation can be used to add observability for calls to a DynamoDB database (Dynatrace version 1.244+).

import boto3



import json



from opentelemetry.instrumentation.botocore import BotocoreInstrumentor



BotocoreInstrumentor().instrument()



dynamodb = boto3.resource('dynamodb')



table = dynamodb.Table('MyTable')



def lambda_handler(event, handler):



result = table.get_item(Key={'mykey': 42})



return {



"statusCode": 200,



"answer": json.dumps(result.get("Item"))



}

DynamoDB service screen

Use OpenTelemetry Python API

OpenTelemetry Python can be used in an SDK-like approach to trace additional operations that aren't covered by an instrumentation package.

import json



from opentelemetry import trace



def lambda_handler(event, context):



tracer = trace.get_tracer(__name__)



with tracer.start_as_current_span("do work"):



# do work



with tracer.start_as_current_span("do some more work") as span:



span.set_attribute("foo", "bar")



# do some more work



return {



'statusCode': 200,



'body': json.dumps('Hello from Hello world from OpenTelemetry Python!')



}

These spans are displayed on the Code level tab.

OpenTelemetry lambda

Trace AWS SQS and SNS messages with Python

OneAgent version 1.253+ for SQS OneAgent version 1.257+ for SNS

You can use open-source instrumentation packages to trace AWS SQS and SNS messages and collect them via the Dynatrace AWS Lambda extension.

[Step 1

Install the required dependencies](#dependencies-python)[Step 2

Send an SQS/SNS message](#send-message-python)[Step 3

Receive an SQS/SNS message](#receive-message-python)

Step 1 Install the required dependencies

SQS

SNS

pip install -U "opentelemetry-api>=1.12" "opentelemetry-instrumentation-boto3sqs>=0.34b0"

At this point, opentelemetry-instrumentation-boto3sqs is a separate package from opentelemetry-instrumentation-botocore. The latter instruments all AWS SDK calls, but lacks enhanced support for SQS.

If you install the dependencies into a Lambda function or layer, you can use the -t option to specify a target directory where the installed packages should be copied.

pip install -U "opentelemetry-instrumentation-botocore>=0.36b0"

Step 2 Send an SQS/SNS message

The boto3 package is available out of the box if the code runs in AWS Lambda, but you can also install it using pip install -U boto3.

This code defining a function named lambda_handler can be used

  • Inside AWS Lambda (we recommend monitoring it with our AWS Lambda layer)
  • Outside AWS Lambda (monitoring is performed with OpenTelemetry and exported to Dynatrace via OTLP/HTTP ingest)

You might want to remove the function parameters and return value.

SQS

SNS

from opentelemetry.instrumentation.boto3sqs import Boto3SQSInstrumentor



Boto3SQSInstrumentor().instrument()



import json



import boto3



from datetime import datetime



QUEUE_URL = "<Your SQS Queue URL>"



sqs = boto3.client("sqs")



def lambda_handler(event, context):



sent = []



for i in range(5):



res = sqs.send_message(QueueUrl=QUEUE_URL, MessageBody=f"hello #{i} at {datetime.now()}")



sent.append(res["MessageId"])



return {



"statusCode": 200,



"body": json.dumps({"produced_messages": sent})



}
from opentelemetry.instrumentation.botocore import BotocoreInstrumentor



BotocoreInstrumentor().instrument()



import json



import boto3



from datetime import datetime



TOPIC_ARN = "<Your SNS topic ARN>"



sns = boto3.client("sns")



def lambda_handler(event, context):



res = sns.publish(TopicArn=TOPIC_ARN, Message=f"hello at {datetime.now()}")



return {



"statusCode": 200,



"body": json.dumps({"produced_message": res["MessageId"]})



}

Step 3 Receive an SQS/SNS message

SQS

SNS

You can trace SQS messages forwarded from

  • An SQS topic

Receiving messages works out of the box when you use an AWS Lambda with an SQS trigger monitored with the Dynatrace AWS Lambda extension. Because a span can have only a single parent, if your Lambda function receives a batch of multiple messages, you need to manually create spans to process every single message if you want to track them separately and have them linked to the sender.

To configure the Dynatrace AWS Lambda extension to allow setting parent spans manually:

  • For the environment variables configuration method, set the DT_OPEN_TELEMETRY_ALLOW_EXPLICIT_PARENT environment variable to true:

    DT_OPEN_TELEMETRY_ALLOW_EXPLICIT_PARENT=true
    
    + For the JSON file configuration method, in dtconfig.json, set the following field to true:

    {
    
    
    
    ...other configuration properties...
    
    
    
    "OpenTelemetry": {
    
    
    
    "AllowExplicitParent": "true"
    
    
    
    }
    
    
    
    }
    

Then new spans can be created with the parent span extracted from each received SQS message.

Example: Receive messages with AWS Lambda SQS trigger

If you invoke the sender and have deployed the example, it will be invoked automatically by SQS.

from pprint import pformat



import boto3



import json



from opentelemetry import trace, propagate



from opentelemetry.semconv.trace import SpanAttributes, MessagingOperationValues



tracer = trace.get_tracer("lambda-sqs-triggered")



def lambda_handler(event, context):



recvcount = 0



print("Trigger", pformat(event))



messages = event.get("Records") or ()



# Lambda SQS event uses lowerCamelCase in its attribute names



for msg in messages:



recvcount += 1



print("Processing", msg["messageId"])



parent = _extract_parent(msg, from_sns_payload=False)



with tracer.start_as_current_span("manual-trigger-process", context=parent, kind=trace.SpanKind.CONSUMER, attributes={



SpanAttributes.MESSAGING_MESSAGE_ID : msg["messageId"],



SpanAttributes.MESSAGING_URL : msg["eventSourceARN"],



SpanAttributes.MESSAGING_SYSTEM : msg["eventSource"],



SpanAttributes.MESSAGING_OPERATION : MessagingOperationValues.PROCESS.value,



}):



# ... Here your actual processing would go...



pass



print("Processed", recvcount, "messages")



def _extract_parent(msg, from_sns_payload=False):



if from_sns_payload:



try:



body = json.loads(msg.get("body", "{}"))



except json.JSONDecodeError:



body = {}



carrier = {key: value["Value"] for key, value in body.get("MessageAttributes", {}).items() if "Value" in value}



else:



carrier = {key: value["stringValue"] for key, value in msg.get("messageAttributes", {}).items() if "stringValue" in value}



return propagate.extract(carrier)

The resulting path looks as follows:

Distributed trace detail view, showing AWS SQS messages sent, which trigger a Lambda where they are processed.

The invoked Lambda function is a child of one of the messages by which it's triggered. Since there can only be one parent, the other manual-trigger–process spans aren't linked directly to the Lambda invocation in which they are handled. Often, there's more than one Lambda invocation node for a batch of messages. In those cases, AWS distributed the batch over multiple Lambda invocations. This can happen even if the messages are delivered within your configured batch window time and number less than your configured batch size.

Example: Call the SQS receive APIs manually

If you have deployed the example that uses the receive API in code, you need to invoke it manually and it will attempt to read all messages from the queue.

This example uses the boto3sqs instrumentation. If you don't want to use it, you need to uncomment the MessageAttributeNames argument in the receive_message function, otherwise, SQS will omit data required to link the message to its sender from the retrieved data.

This code can also be used outside a Lambda function and monitored with OpenTelemetry without the Dynatrace AWS Lambda extension.

from opentelemetry.instrumentation.boto3sqs import Boto3SQSInstrumentor



Boto3SQSInstrumentor().instrument()



from pprint import pformat



import boto3



import json



from opentelemetry import trace, propagate



from opentelemetry.semconv.trace import SpanAttributes, MessagingOperationValues



QUEUE_URL = '<Your SQS Queue URL>'



sqs = boto3.client("sqs")



tracer = trace.get_tracer("lambda-receive-function")



def lambda_handler(event, context):



recvcount = 0



while True:



msg_receive_result = sqs.receive_message(



MaxNumberOfMessages=10,



QueueUrl=QUEUE_URL,



WaitTimeSeconds=1, # WaitTime of zero would use sampled receive, may return empty even if there is a message



# This argument is only required if you do not use the boto3sqs instrumentation:



#MessageAttributeNames=list(propagate.get_global_textmap().fields)



)



print("Received", pformat(msg_receive_result))



if not msg_receive_result.get('Messages'):



break



messages = msg_receive_result.get("Messages")



# receive result uses PascalCase in its attribute names



for msg in messages:



recvcount += 1



print("Processing", msg["MessageId"])



parent = _extract_parent(msg, from_sns_payload=False)



with tracer.start_as_current_span("manual-receive-process", context=parent, kind=trace.SpanKind.CONSUMER, attributes={



SpanAttributes.MESSAGING_MESSAGE_ID: msg["MessageId"],



SpanAttributes.MESSAGING_URL: QUEUE_URL,



SpanAttributes.MESSAGING_SYSTEM: "aws.sqs",



SpanAttributes.MESSAGING_OPERATION: MessagingOperationValues.PROCESS.value,



}):



# ... Here your actual processing would go...



print("Delete result", sqs.delete_message(



QueueUrl=QUEUE_URL,



ReceiptHandle=msg['ReceiptHandle'],



))



print("Processed", recvcount, "messages")



def _extract_parent(msg, from_sns_payload=False):



if from_sns_payload:



try:



body = json.loads(msg.get("Body", "{}"))



except json.JSONDecodeError:



body = {}



carrier = {key: value["Value"] for key, value in body.get("MessageAttributes", {}).items() if "Value" in value}



else:



carrier = {key: value["StringValue"] for key, value in msg.get("MessageAttributes", {}).items() if "StringValue" in value}



return propagate.extract(carrier)

Creating the manual-receive-process span manually is necessary because the boto3sqs instrumentation doesn't set the sender as a parent for the processing span, but uses OpenTelemetry links, which are currently not supported by Dynatrace. For the manual-receive-process span linking to work correctly, you need to configure the Dynatrace AWS Lambda extension to allow setting parent spans manually. See the previous example for guidance.

Invoking first the code that sends SQS messages, then the manual receive code, deployed as Lambda functions, results in two traces:

  • The first trace shows the flow of the message from the sender to the processor:

    Distributed trace detail view, showing AWS SQS messages sent and processed in another process.

    There are additional Requests to public networks nodes because the boto3 package uses HTTP requests to send SQS messages, which are captured by Dynatrace HTTP instrumentation.

    You'll notice that the invocation and receive node of the second Lambda invocation are missing from this trace, even though the manual-receive-process nodes are there. This is because the Lambda function was triggered independently of the message flow, and just happened to receive the message as part of its handler code. + The second trace in Dynatrace shows the Lambda invocation until it's cut in two by setting the explicit parent:

    Distributed trace detail view, showing AWS SQS messages received with the Python boto3 SDK. * An SNS topic

For SNS messages that are forwarded to SQS, the message format depends on the raw message delivery configuration on the SNS subscription.

Raw message delivery

Message format

Example

Enabled

The SNS message attributes are converted to SQS message attributes and the parent can be directly extracted from the MessageAttributes of the SQS message.

Disabled

The SNS message and its MessageAttributes are delivered as a serialized JSON string in the body of the received SQS message. To correctly link the receive span, the parent needs to be extracted from the MessageAttributes of the serialized SNS message.

Additional configuration is required for both examples; when calling the _extract_parent method, set the value of the from_sns_payload parameter to True.

AWS Lambda functions that are triggered by SNS are supported out of the box when monitored with the Dynatrace AWS Lambda extension.

SNS topics can be configured via a subscription to forward messages to an SQS queue. Messages in the SQS queue can then be consumed by a Lambda function. Tracing the received messages in the SQS-triggered AWS Lambda function works out of the box when AWS Lambda is monitored with the Dynatrace AWS Lambda extension. However, the tracer can only select a single parent, and if your Lambda function receives batches of multiple messages, special handling is required to track each message separately.

For details, see how to receive an SQS message.


Source: log-enrichment.md


title: AWS Lambda logs in context of traces source: https://www.dynatrace.com/docs/ingest-from/amazon-web-services/integrate-into-aws/aws-lambda-integration/aws-lambda-classic/opentelemetry-interoperability/log-enrichment scraped: 2026-02-16T21:12:44.132168


AWS Lambda logs in context of traces

AWS Lambda logs in context of traces

  • How-to guide
  • 2-min read
  • Published Feb 08, 2022

This page describes how to include TraceId and SpanId information in user-generated log messages. This way, you can associate log messages with the surrounding trace.

Prerequisites

  • Set up AWS Lambda log collection or Stream logs via Amazon Data Firehose.
  • Enable OpenTelemetry interoperability for the Lambda function.
  • The log output generated by the AWS Lambda function must be formatted so that the TraceId and SpanId information can be picked up. The expected format of the enriched fields in an unstructured log is as follows:

  • Encapsulated in square brackets [] with a !dt prefix

  • dt.trace_id and dt.span_id must be hex-encoded strings Example: [!dt dt.trace_id=0af7651916cd43dd8448eb211c80319c,dt.span_id=00f067aa0ba902b7]

Check AWS Lambda log collection to learn more about limitations since Lambda log enrichment is not automatic.

OpenTelemetry Python

In the example below, a dt_log function has been created to enrich a given log message with trace_id and span_id information. Printing this enriched message to the configured log sink associates the log message with the currently active span in the Dynatrace web UI.

import logging



from opentelemetry import trace



def dt_log(self, record):



if (not self.disabled) and self.filter(record):



ctx = trace.get_current_span().get_span_context()



if ctx.is_valid:



trace_id = "{0:032X}".format(ctx.trace_id)



span_id = "{0:016X}".format(ctx.span_id)



record.msg = f"[!dt dt.trace_id={trace_id},dt.span_id={span_id}] - {record.msg}"



self.callHandlers(record)



logging.Logger.handle = dt_log



def lambda_handler(event, context):



logger = logging.getLogger()



logger.warning("Hello world")



return {



"statusCode": 200,



"body": "Hello from lambda"



}

OpenTelemetry JavaScript (Node.js)

In the example below, a dt_log function has been created to enrich a given log message with trace_id and span_id information. Printing this enriched message to stdout associates the log message with the currently active span in the Dynatrace web UI.

const opentelemetry = require('@opentelemetry/api');



function dtLog(msg) {



const spanContext = opentelemetry.trace.getSpanContext(opentelemetry.context.active()) ?? opentelemetry.INVALID_SPAN_CONTEXT;



console.log(`[!dt dt.trace_id=${spanContext.traceId},dt.span_id=${spanContext.spanId}] - ${msg}`);



}



exports.handler = function(event, context) {



const msg = "Hello World"



dtLog(msg);



context.succeed({



statusCode: 200,



body: msg



});



};

Logs created by some commonly used Node.js logging frameworks are automatically associated with traces by using the corresponding OpenTelemetry instrumentations.

Node.js logging framework

OpenTelemetry instrumentation

winston

@opentelemetry/instrumentation-winston

pino

@opentelemetry/instrumentation-pino

bunyan

@opentelemetry/instrumentation-bunyan

In the example below, the winston instrumentation is used to enrich a winston info log with TraceId and SpanId. The created log is associated with the currently active span in Dynatrace.

const otelApi = require('@opentelemetry/api');



const { registerInstrumentations } = require('@opentelemetry/instrumentation');



const { WinstonInstrumentation } = require('@opentelemetry/instrumentation-winston');



registerInstrumentations({



instrumentations: [new WinstonInstrumentation()],



});



const winston = require('winston');



exports.handler = function (event, context, callback) {



const logger = winston.createLogger({



transports: [new winston.transports.Console()],



});



logger.info('winston info log');



context.succeed({



statusCode: 200,



body: 'Hello from AWS Lambda Node.js',



});



}

OpenTelemetry Java

In the example below, a dtLog method has been created to enrich a given log message with TraceId and SpanId information. Printing this enriched message via System.out associates the log message with the currently active span in the Dynatrace web UI.

package com.amazonaws.lambda.demo;



import com.amazonaws.services.lambda.runtime.Context;



import com.amazonaws.services.lambda.runtime.RequestHandler;



import io.opentelemetry.api.trace.Span;



import io.opentelemetry.api.trace.SpanContext;



public class HelloJava implements RequestHandler<Object, String> {



private static void dtLog(final String msg) {



SpanContext spanContext = Span.current().getSpanContext();



System.out.printf(



"[!dt dt.trace_id=%s,dt.span_id=%s] - %s%n",



spanContext.getTraceId(),



spanContext.getSpanId(),



msg



);



}



@Override



public String handleRequest(Object input, Context context) {



String msg = "Hello World";



dtLog(msg);



return msg;



}



}

Source: opentelemetry-interoperability.md


title: OpenTelemetry interoperability source: https://www.dynatrace.com/docs/ingest-from/amazon-web-services/integrate-into-aws/aws-lambda-integration/aws-lambda-classic/opentelemetry-interoperability scraped: 2026-02-17T04:56:16.241437


OpenTelemetry interoperability

OpenTelemetry interoperability

  • 1-min read
  • Updated on Apr 24, 2023

With Dynatrace interoperability for OpenTelemetry, you can use the instrumentation packages available from OpenTelemetry to monitor technologies (like databases or messaging frameworks) that aren't supported by the Dynatrace AWS Lambda extension out-of-the box. The Dynatrace AWS Lambda extension automatically captures the additional span instrumentation and integrates it with any other telemetry captured without any need to configure additional OpenTelemetry exporters.

OpenTelemetry is a collection of tools, APIs, and SDKs. You can use it to instrument, generate, collect, and export telemetry data (metrics, logs, and traces) for analysis to get insights into your software's performance and behavior. OpenTelemetry interoperability connects Dynatrace AWS Lambda extension to OpenTelemetry API for the respective instrumentation.

Enable OpenTelemetry interoperability

{



...other configuration properties...



"OpenTelemetry": {



"EnableIntegration": true



}



}

Learn more

To learn more about how OpenTelemetry interoperability works, see


Source: trace-lambda-functions.md


title: Trace Lambda functions source: https://www.dynatrace.com/docs/ingest-from/amazon-web-services/integrate-into-aws/aws-lambda-integration/trace-lambda-functions scraped: 2026-02-17T04:51:18.553491


Trace Lambda functions

Trace Lambda functions

  • How-to guide
  • 8-min read
  • Updated on Jan 23, 2026

Dynatrace provides you with a dedicated AWS Lambda layer that contains the Dynatrace extension for AWS Lambda. You need to add the publicly available layer for your runtime and region to your function. Then, based on your configuration method, Dynatrace provides a template or configuration for your AWS Lambda function.

Capabilities

Dynatrace provides extensive Python, Node.js, and Java monitoring capabilities:

  • Automatic distributed tracing across AWS services such as API Gateway, SQS, SNS, EventBridge and seamless integration with other AWS services. For more details, refer to AWS Lambda integration.

  • OpenTelemetry support for trace and metric ingestion.

  • Native log ingestion from Lambda functions. Dynatrace supports log ingestion directly via the AWS Lambda Telemetry API, reducing dependency on CloudWatch. For more details, refer to AWS Lambda log collection.
  • Cold start detection and optimization.
  • Infrastructure-as-Code support (Terraform, AWS SAM, Serverless Framework).

See our supported technologies matrix for details on supported frameworks and runtimes for AWS supported runtimes.

Incoming invocations

For AWS Lambda invocations, Dynatrace offers generic support for all trigger types. OneAgent can capture specific information or connect the trace to any parent and therefore add additional information only for invocations made via:

  • AWS SDK Lambda Invoke API
  • API gateway
  • Lambda function URL
  • AWS SQS
  • AWS SNS
  • AWS EventBridge
  • AWS Application Load Balancer

For other invocation types, OneAgent can't capture any specific information or connect the trace to any parent. Invocations via the AWS SDK require the client to be instrumented with Dynatrace to connect the trace.

Steps

Enable monitoring for AWS Lambda functions

To get started

  1. In Dynatrace Hub, select AWS Lambda.
  2. Select Set up.

  3. Follow the instructions to enable monitoring of AWS Lambda functions.

Choose a configuration method

Dynatrace OneAgent is distributed as a Lambda layer that can be enabled and configured manually or using well-known Infrastructure as Code (IaC) solutions. The Lambda layer is stored in the Dynatrace AWS account 585768157899.

The wizard provides you with various configuration options and configuration snippets you can use in your deployment automation of choice.

Quick start vs. advanced configuration

Latest Dynatrace

This option is available only in the latest Dynatrace. For details, see Upgrade to the latest Dynatrace.

After you select your runtime, you have two different observability options:

  • Quick start

This is a fast onboarding option with minimal setup. You select only the architecture, region, and configuration method. You'll monitor your environment using distributed tracing. This setup is useful for using the basic AWS Lambda functions with standard monitoring needs. * Advanced configuration

You have a much richer selection of customization options. This setup is useful for teams that need detailed observability, more control, and customizations for complex environments or specific monitoring needs. It provides integration with other AWS services, such as CloudWatch and X-Ray.

Configure with JSON file

If you select this method, Dynatrace provides you with:

  • An environment variable to add to your AWS Lambda function
  • A JSON snippet that you need to copy into the dtconfig.json file in the root folder of your Lambda deployment
  • Lambda layer ARN

When using this method, make sure that you add the Dynatrace Lambda layer to your function. You can do this through the AWS console (Add layer > Specify an ARN and paste the ARN displayed on the deployment page) or by using an automated solution of your choice.

Enter environment variables via the AWS Console

Lambda environment variables cropped

Enter the Lambda layer ARN via the AWS Console

Specify a layer by providing the ARN

Configure with environment variables

Environment variables can be used for configuration, but we advise using the Secrets Manager as the recommended approach for fetching a security token. For more details, refer to Fetch token from AWS Secrets Manager.

When using this method, make sure that you add the Dynatrace Lambda layer to your function. The layer, as well as the environment variables, can be set either manually through the AWS console (Add layer > Specify an ARN and paste the ARN displayed on the deployment page) or by using an automated solution of your choice.

Client-side decryption of environment variables (Security in Transit) is not supported.

If you select this method, Dynatrace provides you with:

  • Values to define environment variables for the AWS Lambda functions that you want to monitor

AWS Lambda environment variables * Lambda layer ARN

Specify a layer by providing the ARN

Configure and deploy using Terraform

Terraform is a popular Infrastructure as Code (IaC) solution. If you select this method, Dynatrace provides you with:

  • A template to define the AWS Lambda function. This includes all the configuration that you need to deploy and configure the Dynatrace AWS Lambda extension together with your functions.
  • Lambda layer ARN

Configure and deploy using AWS SAM

The AWS Serverless Application Model (SAM) is an open-source framework for building serverless applications.

If you select this method, Dynatrace provides you with a template to define the AWS Lambda function. This includes all the configuration that you need to integrate the Dynatrace AWS Lambda extension.

Configure and deploy using the serverless framework

The Serverless Application option is a framework for deploying serverless stacks.

If you select this method, Dynatrace provides you with a template to define the AWS Lambda function. This includes all the configuration that you need to integrate the Dynatrace AWS Lambda extension.

Configure and deploy using AWS CloudFormation

AWS CloudFormation is an IaC solution that enables provisioning of a wide range of AWS services.

If you select this method, Dynatrace provides you with a template to define the AWS Lambda function. This includes all the configuration that you need to integrate the Dynatrace AWS Lambda extension.

Specify a Dynatrace API endpoint

Optional

This is an optional step that enables you to specify a Dynatrace API endpoint to which monitoring data will be sent.

The typical scenario is to deploy a Dynatrace ActiveGate in close proximity (same region) to the Lambda functions that you want to monitor in order to reduce network latency, which can impact the execution and cold start time of your Lambda functions for (usually one) network request by OneAgent per Lambda invocation (which happens at the end of the invocation). See <#monitoring-overhead> section for typical overhead numbers.

Enable Real User Monitoring

Optional

This is an optional step to use Real User Monitoring (RUM), which provides you with deep insights into user actions and performance via the browser or in mobile apps.

Configure the AWS API Gateway

  • If inbound (non-XHR) requests to your Lambda functions are not connected to the calling application, configure the API Gateway to pass through the Dynatrace tag. To do this, enable Use Lambda Proxy Integration on the Integration Request configuration page of the API Gateway.
  • If the API Gateway is configured from the Lambda configuration page, this setting will be enabled by default. For more information, see Enable CORS on a resource using the API Gateway console.

AWS Lambda also supports non-proxy integration, which—without some additional configuration—prevents Dynatrace from

  • Tracing calls from other monitored applications
  • RUM detection (web and mobile)

To make tracing calls from other monitored applications/RUM detection work in this scenario, create a custom mapping template in the integration requests configuration.

  1. In the AWS API Gateway Console, go to Resources and select a request method (for example, GET).
  2. Select Mapping Templates and then select Add mapping template.
  3. Add the following content to the template:
{



"path": "$context.path",



"httpMethod": "$context.httpMethod",



"headers": {



#foreach($param in ["x-dynatrace", "traceparent", "tracestate", "x-dtc", "referer", "host", "x-forwarded-proto", "x-forwarded-for", "x-forwarded-port"])



"$param": "$util.escapeJavaScript($input.params().header.get($param))"



#if($foreach.hasNext),#end



#end    },



"requestContext": {



"stage": "$context.stage"



}



}

The x-dtc header is specific to tracing RUM scenarios, whereas the remaining headers are generally needed to link traces together and extract relevant information, such as web request metadata. 4. Select Save to save your configuration. 5. Redeploy your API.

Configure AWS

Make sure the x-dtc header is allowed in the CORS settings of your monitored Lambda functions.

RUM for Lambda functions requires a specific header (x-dtc) to be sent with XHR calls to AWS. To enable it, the CORS settings of your AWS deployment must allow the x-dtc header during preflight (OPTIONS) requests. To configure CORS and allow the x-dtc header for your specific setup, see Enable CORS on a resource using the API Gateway console in AWS documentation.

Configure Dynatrace

To configure the x-dtc header for calls to your Lambda functions

  1. Go to Web, Mobile, Frontend, or Custom Applications, depending on your application type.
  2. Select the application you want to connect with your Lambda function.
  3. Select the browse menu (…) in the upper-right corner and select Edit.
  4. Select Capturing > Async web requests and SPAs.
  5. Make sure that your framework of choice is enabled. If your framework is not listed, enable Capture XmlHttpRequest (XHR) for generic support of XHR.
  6. Select Capturing > Advanced setup.
  7. Scroll down to the Enable Real User Monitoring for cross-origin XHR calls section and enter a pattern that matches the URL to your Lambda functions. For example: TheAwsUniqueId.execute-api.us-east-1.amazonaws.com
  8. Select Save. After a few minutes, the header will be attached to all calls to your Lambda function and requests from your browser will be linked to the backend.

Failed requests

If requests start failing after enabling this option, review your CORS settings. To learn how to configure CORS, see Enable CORS on a resource using the API Gateway console in AWS documentation.

Deployment

Copy the configuration snippets into your deployment and use your deployment method of choice to enable the layer and set the configuration for your Lambda functions.

Configuration options

Fetch token from AWS Secrets Manager

OneAgent version 1.295+

Instead of specifying the authentication token explicitly in the configuration, you can configure OneAgent to fetch a token stored in AWS Secrets Manager.

Prerequisites

  • Make sure you granted the secretsmanager:GetSecretValue permission for the authentication token secret ARN to the Lambda function monitored by OneAgent. For details, see Authentication and access control for AWS Secrets Manager in the AWS Secrets Manager documentation.
  • Make sure the secret value contains only the plaintext authentication token value (without quotes). Note that

  • Secrets with JSON structure are not supported. For details, see Create an AWS Secrets Manager secret in the AWS Secrets Manager documentation.

  • When you retrieve the secret value, Secrets Manager returns by default only the current secret version (AWSCURRENT label). For details, see What's in a Secrets Manager secret? in the AWS Secrets Manager documentation.

To fetch the token for a tracing connection, set the token secret ARN either to the environment variable DT_CONNECTION_AUTH_TOKEN_SECRETS_MANAGER_ARN or the JSON property Connection.AuthTokenSecretsManagerArn.

This option always overrides DT_CONNECTION_AUTH_TOKEN (Connection.AuthToken). If the fetch fails, OneAgent won't be able to export trace data.

A fetch accesses AWS Secrets Manager only once, during the Lambda function's initialization phase; this causes an increase of the Lambda function's cold start duration.

For details on fetching the token for log collection, refer to Fetch token from AWS Secrets Manager.

Monitoring overhead

Enabling monitoring unavoidably induces overhead to the monitored function execution. Overhead depends on several factors, such as function runtime technology, configuration, and concrete function characteristics such as code size or execution duration and complexity.

The amount of memory configured for a function directly impacts the compute resources assigned to the function instance. For more details, see Memory and computing power.

The worst-case scenario on measured overhead is a function with an empty function handler and minimum memory configuration.

Cold start overhead

  • For Node.js, cold start overhead is about 900 ms.
  • For Java, cold start overhead is about 1,500 ms.
  • For Python, cold start overhead is about 1,000 ms.

For the cold start benchmarking process, hello-world functions (only returning a response) were tested with 512 MB of allocated memory. It is important to note that the observed overhead may vary based on a few factors:

  • Configured memory: A Lambda function is allocated CPU proportional to the memory configured which can influence its cold start performance. Functions with higher memory allocations typically exhibit faster initialization times due to the increased CPU allocation.
  • Function implementation: The complexity of the actual function implementation—including external dependencies, initialization logic, and the runtime environment—can significantly impact the cold start duration.
  • Runtime version: The specific runtime version or container image used can also influence cold start times.

When conducting performance evaluations, we recommend considering these factors, as they may affect the benchmarking results in real-world scenarios.

Response time latency

Latency depends on the function implementation, but is typically less than 10%. This means that the time it takes until the caller of a Lambda function receives a response might increase by 10% when the OneAgent layer is added, compared to when OneAgent is not active/present.

Code space overhead

The following table contains uncompressed layer sizes.

Runtime Code space (MB) Code space with log collector included (MB)
Node.js ~32MB ~40MB
Java ~25MB ~32MB
Python ~16MB ~24MB

Dynatrace AWS integration

While not mandatory, we recommend that you set up Dynatrace Amazon CloudWatch integration. This allows data ingested via AWS integration to be seamlessly combined with the data collected by the Dynatrace AWS Lambda extension.

For more details, refer to Amazon CloudWatch Metric Streams.

Filter cold starts

One of the important metrics for Lambda is the frequency of cold starts. A cold start happens when a new instance of a Lambda function is invoked. Such cold starts take longer and add latency to your requests.

A high cold-start frequency can indicate errors or an uneven load pattern that can be mitigated using provisioned concurrency. Dynatrace reports such cold starts as a property on the distributed trace.

To analyze cold starts

  1. Select View all requests on the Lambda service details page.

  2. In the request filter, select Function cold start in the Request property section.

  3. Filter by invocations containing Only cold start or No cold start.

Known limitations

  • HTTP connect timeouts, flush timeouts, and backoff thresholds are not configurable.
  • OneAgent running on AWS Lambda does not support functionalities that require OneAgent reconfiguration through the server-side user interface.
  • OneAgent for AWS Lambda uses only local settings defined via environment variables or config files, instead of pulling configuration from the Dynatrace cluster. As a result, any settings defined at the cluster level are ignored, and defaults apply unless explicitly overridden.
  • Most Dynatrace AWS Lambda extensions don't capture IP addresses of outgoing HTTP requests. This results in unmonitored hosts if the called service isn't monitored with Dynatrace.
  • .NET: ASP.NET core, code-level attack & vulnerability evaluation and several metrics are not supported within AWS Lambda.
  • Node.js AWS Lambda extension sensors (instrumentations) don't support ECMAScript modules. This means that the extension won't properly monitor outgoing calls (for example, HTTP or AWS SDK requests).
  • Node.js handlers bundled via esbuild to CommonJS can't be auto-instrumented by OneAgent. This is because the bundling process can alter how the handler function is exposed, which prevents OneAgent from detecting and instrumenting it automatically.

How to enable auto-instrumentation for Node.js handlers bundled via esbuild?

You can use a simple wrapper script to enable auto-instrumentation.

Here's a sample AWS Lambda handler written in TypeScript (index.ts):

import { Context, APIGatewayProxyResult, APIGatewayEvent } from 'aws-lambda';



export const handler = async (event: APIGatewayEvent, context: Context): Promise<APIGatewayProxyResult> => {



console.log(`Event: ${JSON.stringify(event, null, 2)}`);



console.log(`Context: ${JSON.stringify(context, null, 2)}`);



return {



statusCode: 200,



body: JSON.stringify({



message: 'hello world',



}),



};



};
  1. Bundle the handler using esbuild:

    esbuild index.ts --bundle --minify --sourcemap --platform=node --target=es2020 --outfile=dist/index.js
    
    2. Create a wrapper file (esbuild_wrap.js) to expose the handler in a way that OneAgent can instrument:

    const esbuildDist = require("./dist/index");
    
    
    
    exports.handler = esbuildDist.handler;
    
    3. In your AWS Lambda runtime configuration, set the handler to esbuild_wrap.handler.

OneAgent will now be able to detect and instrument the function correctly. * AWS Lambda Managed Instances deployment mode is not supported. This new hosting option allows deploying Lambda functions on AWS-managed EC2 instance clusters. The Dynatrace Lambda extension and code module layers currently do not support this deployment mode. * Managed offline clusters are not supported.


Source: aws-lambda-integration.md


title: Monitor AWS Lambda source: https://www.dynatrace.com/docs/ingest-from/amazon-web-services/integrate-into-aws/aws-lambda-integration scraped: 2026-02-17T04:48:32.348125


Monitor AWS Lambda

Monitor AWS Lambda

  • Explanation
  • 3-min read
  • Updated on Jan 12, 2026

Dynatrace provides end-to-end observability for AWS Lambda functions through distributed tracing, log correlation, and AI-powered insights using auto-instrumentation without code changes. The OneAgent AWS Lambda extension collects logs directly from Lambda functions, offering an alternative to CloudWatch via Firehose with lower cost, lower latency, and easier setup.

[#### Trace Lambda functions

Monitor AWS Lambda functions.

  • How-to guide

Read this guide](/docs/ingest-from/amazon-web-services/integrate-into-aws/aws-lambda-integration/trace-lambda-functions)[#### Trace .NET Lambda functions

Trace AWS Lambda functions using a .NET runtime

  • How-to guide

Read this guide](/docs/ingest-from/amazon-web-services/integrate-into-aws/aws-lambda-integration/aws-lambda-classic/aws-lambda-otel-integration)

[#### AWS Lambda log collection

Collect logs from AWS Lambda functions

  • How-to guide

Read this guide](/docs/ingest-from/amazon-web-services/integrate-into-aws/aws-lambda-integration/collector)[#### Monitor AWS Lambda (built-in)

Monitor AWS Lambda (built-in) and view available metrics.

  • How-to guide

Read this guide](/docs/ingest-from/amazon-web-services/integrate-with-aws/cloudwatch-metrics/aws-lambda-cloudwatch-metrics/lambda-builtin)

[#### Integrate Dynatrace Lambda Layer on container images

Deploy Dynatrace Lambda Layers when deployed via a container image.

  • How-to guide

Read this guide](/docs/ingest-from/amazon-web-services/integrate-into-aws/aws-lambda-integration/deploy-oa-latest-lambda-container-images)

Integrations

AWS Lambda instrumentation is available for the following runtimes:

Runtime Lambda layer version1 Applies to Lambda Classic
Python 1.321 (or later) Yes
Node.js 1.319 (or later) Yes
Java 1.319 (or later) Yes
.NET Coming soon Yes
GO Coming soon Log Monitoring only

1

Managed offline clusters are not supported.

For more details, see Technology support.

Monitoring consumption

For AWS Lambda, monitoring consumption is based on Davis data units. See Serverless monitoring for details.


Source: aws-service-appstream-2.md


title: Amazon AppStream 2.0 monitoring source: https://www.dynatrace.com/docs/ingest-from/amazon-web-services/integrate-with-aws/aws-all-services/aws-service-appstream-2 scraped: 2026-02-17T05:06:21.806486


Amazon AppStream 2.0 monitoring

Amazon AppStream 2.0 monitoring

  • How-to guide
  • 2-min read
  • Published Sep 08, 2020

Dynatrace ingests metrics for multiple preselected namespaces, including Amazon AppStream 2.0. You can view metrics for each service instance, split metrics into multiple dimensions, and create custom charts that you can pin to your dashboards.

Prerequisites

To enable monitoring for this service, you need

  • ActiveGate version 1.197+

  • For Dynatrace SaaS deployments, you need an Environment ActiveGate or a Multi-environment ActiveGate.

For role-based access in a SaaS deployment, you need an Environment ActiveGate installed on an Amazon EC2 host.

To update the AWS IAM policy, use the JSON below, containing the monitoring policy (permissions) for all supporting services.

JSON predefined policy for all supporting services

{



"Version": "2012-10-17",



"Statement": [



{



"Sid": "VisualEditor0",



"Effect": "Allow",



"Action": [



"acm-pca:ListCertificateAuthorities",



"apigateway:GET",



"apprunner:ListServices",



"appstream:DescribeFleets",



"appsync:ListGraphqlApis",



"athena:ListWorkGroups",



"autoscaling:DescribeAutoScalingGroups",



"cloudformation:ListStackResources",



"cloudfront:ListDistributions",



"cloudhsm:DescribeClusters",



"cloudsearch:DescribeDomains",



"cloudwatch:GetMetricData",



"cloudwatch:GetMetricStatistics",



"cloudwatch:ListMetrics",



"codebuild:ListProjects",



"datasync:ListTasks",



"dax:DescribeClusters",



"directconnect:DescribeConnections",



"dms:DescribeReplicationInstances",



"dynamodb:ListTables",



"dynamodb:ListTagsOfResource",



"ec2:DescribeAvailabilityZones",



"ec2:DescribeInstances",



"ec2:DescribeNatGateways",



"ec2:DescribeSpotFleetRequests",



"ec2:DescribeTransitGateways",



"ec2:DescribeVolumes",



"ec2:DescribeVpnConnections",



"ecs:ListClusters",



"eks:ListClusters",



"elasticache:DescribeCacheClusters",



"elasticbeanstalk:DescribeEnvironmentResources",



"elasticbeanstalk:DescribeEnvironments",



"elasticfilesystem:DescribeFileSystems",



"elasticloadbalancing:DescribeInstanceHealth",



"elasticloadbalancing:DescribeListeners",



"elasticloadbalancing:DescribeLoadBalancers",



"elasticloadbalancing:DescribeRules",



"elasticloadbalancing:DescribeTags",



"elasticloadbalancing:DescribeTargetHealth",



"elasticmapreduce:ListClusters",



"elastictranscoder:ListPipelines",



"es:ListDomainNames",



"events:ListEventBuses",



"firehose:ListDeliveryStreams",



"fsx:DescribeFileSystems",



"gamelift:ListFleets",



"glue:GetJobs",



"inspector:ListAssessmentTemplates",



"kafka:ListClusters",



"kinesis:ListStreams",



"kinesisanalytics:ListApplications",



"kinesisvideo:ListStreams",



"lambda:ListFunctions",



"lambda:ListTags",



"lex:GetBots",



"logs:DescribeLogGroups",



"mediaconnect:ListFlows",



"mediaconvert:DescribeEndpoints",



"mediapackage-vod:ListPackagingConfigurations",



"mediapackage:ListChannels",



"mediatailor:ListPlaybackConfigurations",



"opsworks:DescribeStacks",



"qldb:ListLedgers",



"rds:DescribeDBClusters",



"rds:DescribeDBInstances",



"rds:DescribeEvents",



"rds:ListTagsForResource",



"redshift:DescribeClusters",



"robomaker:ListSimulationJobs",



"route53:ListHostedZones",



"route53resolver:ListResolverEndpoints",



"s3:ListAllMyBuckets",



"sagemaker:ListEndpoints",



"sns:ListTopics",



"sqs:ListQueues",



"storagegateway:ListGateways",



"sts:GetCallerIdentity",



"swf:ListDomains",



"tag:GetResources",



"tag:GetTagKeys",



"transfer:ListServers",



"workmail:ListOrganizations",



"workspaces:DescribeWorkspaces"



],



"Resource": "*"



}



]



}

If you don't want to add permissions to all services, and just select permissions for certain services, consult the table below. The table contains a set of permissions that are required for All AWS cloud services and, for each supporting service, a list of optional permissions specific to that service.

Permissions required for AWS monitoring integration:

  • "cloudwatch:GetMetricData"
  • "cloudwatch:GetMetricStatistics"
  • "cloudwatch:ListMetrics"
  • "sts:GetCallerIdentity"
  • "tag:GetResources"
  • "tag:GetTagKeys"
  • "ec2:DescribeAvailabilityZones"

Complete list of permissions for cloud services

Name Permissions
All monitored Amazon services Required cloudwatch:GetMetricData, cloudwatch:GetMetricStatistics, cloudwatch:ListMetrics, sts:GetCallerIdentity, tag:GetResources, tag:GetTagKeys, ec2:DescribeAvailabilityZones
AWS Certificate Manager Private Certificate Authority acm-pca:ListCertificateAuthorities
Amazon MQ
Amazon API Gateway apigateway:GET
AWS App Runner apprunner:ListServices
Amazon AppStream appstream:DescribeFleets
AWS AppSync appsync:ListGraphqlApis
Amazon Athena athena:ListWorkGroups
Amazon Aurora rds:DescribeDBClusters
Amazon EC2 Auto Scaling autoscaling:DescribeAutoScalingGroups
Amazon EC2 Auto Scaling (built-in) autoscaling:DescribeAutoScalingGroups
AWS Billing
Amazon Keyspaces
AWS Chatbot
Amazon CloudFront cloudfront:ListDistributions
AWS CloudHSM cloudhsm:DescribeClusters
Amazon CloudSearch cloudsearch:DescribeDomains
AWS CodeBuild codebuild:ListProjects
Amazon Cognito
Amazon Connect
Amazon Elastic Kubernetes Service (EKS) eks:ListClusters
AWS DataSync datasync:ListTasks
Amazon DynamoDB Accelerator (DAX) dax:DescribeClusters
AWS Database Migration Service (AWS DMS) dms:DescribeReplicationInstances
Amazon DocumentDB rds:DescribeDBClusters
AWS Direct Connect directconnect:DescribeConnections
Amazon DynamoDB dynamodb:ListTables
Amazon DynamoDB (built-in) dynamodb:ListTables, dynamodb:ListTagsOfResource
Amazon EBS ec2:DescribeVolumes
Amazon EBS (built-in) ec2:DescribeVolumes
Amazon EC2 API
Amazon EC2 (built-in) ec2:DescribeInstances
Amazon EC2 Spot Fleet ec2:DescribeSpotFleetRequests
Amazon Elastic Container Service (ECS) ecs:ListClusters
Amazon ECS Container Insights ecs:ListClusters
Amazon ElastiCache (EC) elasticache:DescribeCacheClusters
AWS Elastic Beanstalk elasticbeanstalk:DescribeEnvironments
Amazon Elastic File System (EFS) elasticfilesystem:DescribeFileSystems
Amazon Elastic Inference
Amazon Elastic Map Reduce (EMR) elasticmapreduce:ListClusters
Amazon Elasticsearch Service (ES) es:ListDomainNames
Amazon Elastic Transcoder elastictranscoder:ListPipelines
Amazon Elastic Load Balancer (ELB) (built-in) elasticloadbalancing:DescribeInstanceHealth, elasticloadbalancing:DescribeListeners, elasticloadbalancing:DescribeLoadBalancers, elasticloadbalancing:DescribeRules, elasticloadbalancing:DescribeTags, elasticloadbalancing:DescribeTargetHealth
Amazon EventBridge events:ListEventBuses
Amazon FSx fsx:DescribeFileSystems
Amazon GameLift gamelift:ListFleets
AWS Glue glue:GetJobs
Amazon Inspector inspector:ListAssessmentTemplates
AWS Internet of Things (IoT)
AWS IoT Analytics
Amazon Managed Streaming for Kafka kafka:ListClusters
Amazon Kinesis Data Analytics kinesisanalytics:ListApplications
Amazon Data Firehose firehose:ListDeliveryStreams
Amazon Kinesis Data Streams kinesis:ListStreams
Amazon Kinesis Video Streams kinesisvideo:ListStreams
AWS Lambda lambda:ListFunctions
AWS Lambda (built-in) lambda:ListFunctions, lambda:ListTags
Amazon Lex lex:GetBots
Amazon Application and Network Load Balancer (built-in) elasticloadbalancing:DescribeInstanceHealth, elasticloadbalancing:DescribeListeners, elasticloadbalancing:DescribeLoadBalancers, elasticloadbalancing:DescribeRules, elasticloadbalancing:DescribeTags, elasticloadbalancing:DescribeTargetHealth
Amazon CloudWatch Logs logs:DescribeLogGroups
AWS Elemental MediaConnect mediaconnect:ListFlows
AWS Elemental MediaConvert mediaconvert:DescribeEndpoints
AWS Elemental MediaPackage Live mediapackage:ListChannels
AWS Elemental MediaPackage Video on Demand mediapackage-vod:ListPackagingConfigurations
AWS Elemental MediaTailor mediatailor:ListPlaybackConfigurations
Amazon VPC NAT Gateways ec2:DescribeNatGateways
Amazon Neptune rds:DescribeDBClusters
AWS OpsWorks opsworks:DescribeStacks
Amazon Polly
Amazon QLDB qldb:ListLedgers
Amazon RDS rds:DescribeDBInstances
Amazon RDS (built-in) rds:DescribeDBInstances, rds:DescribeEvents, rds:ListTagsForResource
Amazon Redshift redshift:DescribeClusters
Amazon Rekognition
AWS RoboMaker robomaker:ListSimulationJobs
Amazon Route 53 route53:ListHostedZones
Amazon Route 53 Resolver route53resolver:ListResolverEndpoints
Amazon S3 s3:ListAllMyBuckets
Amazon S3 (built-in) s3:ListAllMyBuckets
Amazon SageMaker Batch Transform Jobs
Amazon SageMaker Endpoint Instances sagemaker:ListEndpoints
Amazon SageMaker Endpoints sagemaker:ListEndpoints
Amazon SageMaker Ground Truth
Amazon SageMaker Processing Jobs
Amazon SageMaker Training Jobs
AWS Service Catalog
Amazon Simple Email Service (SES)
Amazon Simple Notification Service (SNS) sns:ListTopics
Amazon Simple Queue Service (SQS) sqs:ListQueues
AWS Systems Manager - Run Command
AWS Step Functions
AWS Storage Gateway storagegateway:ListGateways
Amazon SWF swf:ListDomains
Amazon Textract
AWS IoT Things Graph
AWS Transfer Family transfer:ListServers
AWS Transit Gateway ec2:DescribeTransitGateways
Amazon Translate
AWS Trusted Advisor
AWS API Usage
AWS Site-to-Site VPN ec2:DescribeVpnConnections
AWS WAF Classic
AWS WAF
Amazon WorkMail workmail:ListOrganizations
Amazon WorkSpaces workspaces:DescribeWorkspaces

Example of JSON policy for one single service.

JSON policy for Amazon API Gateway

{



"Version": "2012-10-17",



"Statement": [



{



"Sid": "VisualEditor0",



"Effect": "Allow",



"Action": [



"apigateway:GET",



"cloudwatch:GetMetricData",



"cloudwatch:GetMetricStatistics",



"cloudwatch:ListMetrics",



"sts:GetCallerIdentity",



"tag:GetResources",



"tag:GetTagKeys",



"ec2:DescribeAvailabilityZones"



],



"Resource": "*"



}



]



}

In this example, from the complete list of permissions you need to select

  • "apigateway:GET" for Amazon API Gateway
  • "cloudwatch:GetMetricData", "cloudwatch:GetMetricStatistics", "cloudwatch:ListMetrics", "sts:GetCallerIdentity", "tag:GetResources", "tag:GetTagKeys", and "ec2:DescribeAvailabilityZones" for All AWS cloud services.

AWS endpoints that need to be reachable from ActiveGate with corresponding AWS services

Endpoint Service
autoscaling.<REGION>.amazonaws.com Amazon EC2 Auto Scaling (built-in), Amazon EC2 Auto Scaling
lambda.<REGION>.amazonaws.com AWS Lambda (built-in), AWS Lambda
elasticloadbalancing.<REGION>.amazonaws.com Amazon Application and Network Load Balancer (built-in), Amazon Elastic Load Balancer (ELB) (built-in)
dynamodb.<REGION>.amazonaws.com Amazon DynamoDB (built-in), Amazon DynamoDB
ec2.<REGION>.amazonaws.com Amazon EBS (built-in), Amazon EC2 (built-in), Amazon EBS, Amazon EC2 Spot Fleet, Amazon VPC NAT Gateways, AWS Transit Gateway, AWS Site-to-Site VPN
rds.<REGION>.amazonaws.com Amazon RDS (built-in), Amazon Aurora, Amazon DocumentDB, Amazon Neptune, Amazon RDS
s3.<REGION>.amazonaws.com Amazon S3 (built-in)
acm-pca.<REGION>.amazonaws.com AWS Certificate Manager Private Certificate Authority
apigateway.<REGION>.amazonaws.com Amazon API Gateway
apprunner.<REGION>.amazonaws.com AWS App Runner
appstream2.<REGION>.amazonaws.com Amazon AppStream
appsync.<REGION>.amazonaws.com AWS AppSync
athena.<REGION>.amazonaws.com Amazon Athena
cloudfront.amazonaws.com Amazon CloudFront
cloudhsmv2.<REGION>.amazonaws.com AWS CloudHSM
cloudsearch.<REGION>.amazonaws.com Amazon CloudSearch
codebuild.<REGION>.amazonaws.com AWS CodeBuild
datasync.<REGION>.amazonaws.com AWS DataSync
dax.<REGION>.amazonaws.com Amazon DynamoDB Accelerator (DAX)
dms.<REGION>.amazonaws.com AWS Database Migration Service (AWS DMS)
directconnect.<REGION>.amazonaws.com AWS Direct Connect
ecs.<REGION>.amazonaws.com Amazon Elastic Container Service (ECS), Amazon ECS Container Insights
elasticfilesystem.<REGION>.amazonaws.com Amazon Elastic File System (EFS)
eks.<REGION>.amazonaws.com Amazon Elastic Kubernetes Service (EKS)
elasticache.<REGION>.amazonaws.com Amazon ElastiCache (EC)
elasticbeanstalk.<REGION>.amazonaws.com AWS Elastic Beanstalk
elastictranscoder.<REGION>.amazonaws.com Amazon Elastic Transcoder
es.<REGION>.amazonaws.com Amazon Elasticsearch Service (ES)
events.<REGION>.amazonaws.com Amazon EventBridge
fsx.<REGION>.amazonaws.com Amazon FSx
gamelift.<REGION>.amazonaws.com Amazon GameLift
glue.<REGION>.amazonaws.com AWS Glue
inspector.<REGION>.amazonaws.com Amazon Inspector
kafka.<REGION>.amazonaws.com Amazon Managed Streaming for Kafka
models.lex.<REGION>.amazonaws.com Amazon Lex
logs.<REGION>.amazonaws.com Amazon CloudWatch Logs
api.mediatailor.<REGION>.amazonaws.com AWS Elemental MediaTailor
mediaconnect.<REGION>.amazonaws.com AWS Elemental MediaConnect
mediapackage.<REGION>.amazonaws.com AWS Elemental MediaPackage Live
mediapackage-vod.<REGION>.amazonaws.com AWS Elemental MediaPackage Video on Demand
opsworks.<REGION>.amazonaws.com AWS OpsWorks
qldb.<REGION>.amazonaws.com Amazon QLDB
redshift.<REGION>.amazonaws.com Amazon Redshift
robomaker.<REGION>.amazonaws.com AWS RoboMaker
route53.amazonaws.com Amazon Route 53
route53resolver.<REGION>.amazonaws.com Amazon Route 53 Resolver
api.sagemaker.<REGION>.amazonaws.com Amazon SageMaker Endpoints, Amazon SageMaker Endpoint Instances
sns.<REGION>.amazonaws.com Amazon Simple Notification Service (SNS)
sqs.<REGION>.amazonaws.com Amazon Simple Queue Service (SQS)
storagegateway.<REGION>.amazonaws.com AWS Storage Gateway
swf.<REGION>.amazonaws.com Amazon SWF
transfer.<REGION>.amazonaws.com AWS Transfer Family
workmail.<REGION>.amazonaws.com Amazon WorkMail
workspaces.<REGION>.amazonaws.com Amazon WorkSpaces

Enable monitoring

To learn how to enable service monitoring, see Enable service monitoring.

View service metrics

You can view the service metrics in your Dynatrace environment either on the custom device overview page or on your Dashboards page.

View metrics on the custom device overview page

To access the custom device overview page

  1. Go to Technologies Technologies & Processes Classic.
  2. Filter by service name and select the relevant custom device group.
  3. Once you select the custom device group, you're on the custom device group overview page.
  4. The custom device group overview page lists all instances (custom devices) belonging to the group. Select an instance to view the custom device overview page.

View metrics on your dashboard

After you add the service to monitoring, a preset dashboard containing all recommended metrics is automatically listed on your Dashboards page. To look for specific dashboards, filter by Preset and then by Name.

AWS presets

For existing monitored services, you might need to resave your credentials for the preset dashboard to appear on the Dashboards page. To resave your credentials, go to Settings > Cloud and virtualization > AWS, select the desired AWS instance, and then select Save.

You can't make changes on a preset dashboard directly, but you can clone and edit it. To clone a dashboard, open the browse menu (…) and select Clone.

To remove a dashboard from the dashboards page, you can hide it. To hide a dashboard, open the browse menu (…) and select Hide.

Hiding a dashboard doesn't affect other users.

Clone hide AWS

To check the availability of preset dashboards for each AWS service, see the list below.

Preset dashboard availability list

AWS service Preset dashboard
Amazon EC2 Auto Scaling (built-in) Not applicable
AWS Lambda (built-in) Not applicable
Amazon Application and Network Load Balancer (built-in) Not applicable
Amazon DynamoDB (built-in) Not applicable
Amazon EBS (built-in) Not applicable
Amazon EC2 (built-in) Not applicable
Amazon Elastic Load Balancer (ELB) (built-in) Not applicable
Amazon RDS (built-in) Not applicable
Amazon S3 (built-in) Not applicable
AWS Certificate Manager Private Certificate Authority Not applicable
All monitored Amazon services Not applicable
Amazon API Gateway Not applicable
AWS App Runner Not applicable
Amazon AppStream Applicable
AWS AppSync Applicable
Amazon Athena Applicable
Amazon Aurora Not applicable
Amazon EC2 Auto Scaling Applicable
AWS Billing Applicable
Amazon Keyspaces Applicable
AWS Chatbot Applicable
Amazon CloudFront Not applicable
AWS CloudHSM Applicable
Amazon CloudSearch Applicable
AWS CodeBuild Applicable
Amazon Cognito Not applicable
Amazon Connect Applicable
AWS DataSync Applicable
Amazon DynamoDB Accelerator (DAX) Applicable
AWS Database Migration Service (AWS DMS) Applicable
Amazon DocumentDB Applicable
AWS Direct Connect Applicable
Amazon DynamoDB Not applicable
Amazon EBS Not applicable
Amazon EC2 Spot Fleet Not applicable
Amazon EC2 API Applicable
Amazon Elastic Container Service (ECS) Not applicable
Amazon ECS Container Insights Applicable
Amazon Elastic File System (EFS) Not applicable
Amazon Elastic Kubernetes Service (EKS) Applicable
Amazon ElastiCache (EC) Not applicable
AWS Elastic Beanstalk Applicable
Amazon Elastic Inference Applicable
Amazon Elastic Transcoder Applicable
Amazon Elastic Map Reduce (EMR) Not applicable
Amazon Elasticsearch Service (ES) Not applicable
Amazon EventBridge Applicable
Amazon FSx Applicable
Amazon GameLift Applicable
AWS Glue Not applicable
Amazon Inspector Applicable
AWS Internet of Things (IoT) Not applicable
AWS IoT Things Graph Applicable
AWS IoT Analytics Applicable
Amazon Managed Streaming for Kafka Applicable
Amazon Kinesis Data Analytics Not applicable
Amazon Data Firehose Not applicable
Amazon Kinesis Data Streams Not applicable
Amazon Kinesis Video Streams Not applicable
AWS Lambda Not applicable
Amazon Lex Applicable
Amazon CloudWatch Logs Applicable
AWS Elemental MediaTailor Applicable
AWS Elemental MediaConnect Applicable
AWS Elemental MediaConvert Applicable
AWS Elemental MediaPackage Live Applicable
AWS Elemental MediaPackage Video on Demand Applicable
Amazon MQ Applicable
Amazon VPC NAT Gateways Not applicable
Amazon Neptune Applicable
AWS OpsWorks Applicable
Amazon Polly Applicable
Amazon QLDB Applicable
Amazon RDS Not applicable
Amazon Redshift Not applicable
Amazon Rekognition Applicable
AWS RoboMaker Applicable
Amazon Route 53 Applicable
Amazon Route 53 Resolver Applicable
Amazon S3 Not applicable
Amazon SageMaker Batch Transform Jobs Not applicable
Amazon SageMaker Endpoints Not applicable
Amazon SageMaker Endpoint Instances Not applicable
Amazon SageMaker Ground Truth Not applicable
Amazon SageMaker Processing Jobs Not applicable
Amazon SageMaker Training Jobs Not applicable
AWS Service Catalog Applicable
Amazon Simple Email Service (SES) Not applicable
Amazon Simple Notification Service (SNS) Not applicable
Amazon Simple Queue Service (SQS) Not applicable
AWS Systems Manager - Run Command Applicable
AWS Step Functions Applicable
AWS Storage Gateway Applicable
Amazon SWF Applicable
Amazon Textract Applicable
AWS Transfer Family Applicable
AWS Transit Gateway Applicable
Amazon Translate Applicable
AWS Trusted Advisor Applicable
AWS API Usage Applicable
AWS Site-to-Site VPN Applicable
AWS WAF Classic Applicable
AWS WAF Applicable
Amazon WorkMail Applicable
Amazon WorkSpaces Applicable

Appstream

Available metrics

Fleet is the main dimension.

Name Description Unit Statistics Dimensions Recommended
ActualCapacity The total number of instances that are available for streaming or are currently streaming. ActualCapacity = AvailableCapacity + InUseCapacity. Count Multi Fleet Applicable
AvailableCapacity The number of idle instances currently available for user sessions. AvailableCapacity = ActualCapacity - InUseCapacity. Count Multi Fleet Applicable
CapacityUtilization The percentage of instances in a fleet that are being used, using the following formula. CapacityUtilization = (InUseCapacity/ActualCapacity) × 100. Percent Multi Fleet Applicable
DesiredCapacity The total number of instances that are either running or pending. This represents the total number of concurrent streaming sessions your fleet can support in a steady state. DesiredCapacity = ActualCapacity + PendingCapacity. Count Multi Fleet Applicable
InUseCapacity The number of instances currently being used for streaming sessions. One InUseCapacity count represents one streaming session. Count Multi Fleet Applicable
InsufficientCapacityError The number of session requests rejected due to lack of capacity. Count Sum Fleet
PendingCapacity The number of instances being provisioned by AppStream 2.0. Represents the additional number of streaming sessions the fleet can support after provisioning is complete. When provisioning starts, it usually takes 10-20 minutes for an instance to become available for streaming. Count Multi Fleet Applicable

Source: aws-service-appsync.md


title: AWS AppSync monitoring source: https://www.dynatrace.com/docs/ingest-from/amazon-web-services/integrate-with-aws/aws-all-services/aws-service-appsync scraped: 2026-02-17T04:59:54.222275


AWS AppSync monitoring

AWS AppSync monitoring

  • How-to guide
  • 3-min read
  • Published Jul 06, 2020

Dynatrace ingests metrics for multiple preselected namespaces, including AWS AppSync. You can view metrics for each service instance, split metrics into multiple dimensions, and create custom charts that you can pin to your dashboards.

Prerequisites

To enable monitoring for this service, you need

  • ActiveGate version 1.197+

  • For Dynatrace SaaS deployments, you need an Environment ActiveGate or a Multi-environment ActiveGate.

For role-based access in SaaS deployment, you need an Environment ActiveGate installed on an Amazon EC2 host.

To update the AWS IAM policy, use the JSON below, containing the monitoring policy (permissions) for all supporting services.

JSON predefined policy for all supporting services

{



"Version": "2012-10-17",



"Statement": [



{



"Sid": "VisualEditor0",



"Effect": "Allow",



"Action": [



"acm-pca:ListCertificateAuthorities",



"apigateway:GET",



"apprunner:ListServices",



"appstream:DescribeFleets",



"appsync:ListGraphqlApis",



"athena:ListWorkGroups",



"autoscaling:DescribeAutoScalingGroups",



"cloudformation:ListStackResources",



"cloudfront:ListDistributions",



"cloudhsm:DescribeClusters",



"cloudsearch:DescribeDomains",



"cloudwatch:GetMetricData",



"cloudwatch:GetMetricStatistics",



"cloudwatch:ListMetrics",



"codebuild:ListProjects",



"datasync:ListTasks",



"dax:DescribeClusters",



"directconnect:DescribeConnections",



"dms:DescribeReplicationInstances",



"dynamodb:ListTables",



"dynamodb:ListTagsOfResource",



"ec2:DescribeAvailabilityZones",



"ec2:DescribeInstances",



"ec2:DescribeNatGateways",



"ec2:DescribeSpotFleetRequests",



"ec2:DescribeTransitGateways",



"ec2:DescribeVolumes",



"ec2:DescribeVpnConnections",



"ecs:ListClusters",



"eks:ListClusters",



"elasticache:DescribeCacheClusters",



"elasticbeanstalk:DescribeEnvironmentResources",



"elasticbeanstalk:DescribeEnvironments",



"elasticfilesystem:DescribeFileSystems",



"elasticloadbalancing:DescribeInstanceHealth",



"elasticloadbalancing:DescribeListeners",



"elasticloadbalancing:DescribeLoadBalancers",



"elasticloadbalancing:DescribeRules",



"elasticloadbalancing:DescribeTags",



"elasticloadbalancing:DescribeTargetHealth",



"elasticmapreduce:ListClusters",



"elastictranscoder:ListPipelines",



"es:ListDomainNames",



"events:ListEventBuses",



"firehose:ListDeliveryStreams",



"fsx:DescribeFileSystems",



"gamelift:ListFleets",



"glue:GetJobs",



"inspector:ListAssessmentTemplates",



"kafka:ListClusters",



"kinesis:ListStreams",



"kinesisanalytics:ListApplications",



"kinesisvideo:ListStreams",



"lambda:ListFunctions",



"lambda:ListTags",



"lex:GetBots",



"logs:DescribeLogGroups",



"mediaconnect:ListFlows",



"mediaconvert:DescribeEndpoints",



"mediapackage-vod:ListPackagingConfigurations",



"mediapackage:ListChannels",



"mediatailor:ListPlaybackConfigurations",



"opsworks:DescribeStacks",



"qldb:ListLedgers",



"rds:DescribeDBClusters",



"rds:DescribeDBInstances",



"rds:DescribeEvents",



"rds:ListTagsForResource",



"redshift:DescribeClusters",



"robomaker:ListSimulationJobs",



"route53:ListHostedZones",



"route53resolver:ListResolverEndpoints",



"s3:ListAllMyBuckets",



"sagemaker:ListEndpoints",



"sns:ListTopics",



"sqs:ListQueues",



"storagegateway:ListGateways",



"sts:GetCallerIdentity",



"swf:ListDomains",



"tag:GetResources",



"tag:GetTagKeys",



"transfer:ListServers",



"workmail:ListOrganizations",



"workspaces:DescribeWorkspaces"



],



"Resource": "*"



}



]



}

If you don't want to add permissions to all services, and just select permissions for certain services, consult the table below. The table contains a set of permissions that are required for All AWS cloud services and, for each supporting service, a list of optional permissions specific to that service.

Permissions required for AWS monitoring integration:

  • "cloudwatch:GetMetricData"
  • "cloudwatch:GetMetricStatistics"
  • "cloudwatch:ListMetrics"
  • "sts:GetCallerIdentity"
  • "tag:GetResources"
  • "tag:GetTagKeys"
  • "ec2:DescribeAvailabilityZones"

Complete list of permissions for cloud services

Name Permissions
All monitored Amazon services Required cloudwatch:GetMetricData, cloudwatch:GetMetricStatistics, cloudwatch:ListMetrics, sts:GetCallerIdentity, tag:GetResources, tag:GetTagKeys, ec2:DescribeAvailabilityZones
AWS Certificate Manager Private Certificate Authority acm-pca:ListCertificateAuthorities
Amazon MQ
Amazon API Gateway apigateway:GET
AWS App Runner apprunner:ListServices
Amazon AppStream appstream:DescribeFleets
AWS AppSync appsync:ListGraphqlApis
Amazon Athena athena:ListWorkGroups
Amazon Aurora rds:DescribeDBClusters
Amazon EC2 Auto Scaling autoscaling:DescribeAutoScalingGroups
Amazon EC2 Auto Scaling (built-in) autoscaling:DescribeAutoScalingGroups
AWS Billing
Amazon Keyspaces
AWS Chatbot
Amazon CloudFront cloudfront:ListDistributions
AWS CloudHSM cloudhsm:DescribeClusters
Amazon CloudSearch cloudsearch:DescribeDomains
AWS CodeBuild codebuild:ListProjects
Amazon Cognito
Amazon Connect
Amazon Elastic Kubernetes Service (EKS) eks:ListClusters
AWS DataSync datasync:ListTasks
Amazon DynamoDB Accelerator (DAX) dax:DescribeClusters
AWS Database Migration Service (AWS DMS) dms:DescribeReplicationInstances
Amazon DocumentDB rds:DescribeDBClusters
AWS Direct Connect directconnect:DescribeConnections
Amazon DynamoDB dynamodb:ListTables
Amazon DynamoDB (built-in) dynamodb:ListTables, dynamodb:ListTagsOfResource
Amazon EBS ec2:DescribeVolumes
Amazon EBS (built-in) ec2:DescribeVolumes
Amazon EC2 API
Amazon EC2 (built-in) ec2:DescribeInstances
Amazon EC2 Spot Fleet ec2:DescribeSpotFleetRequests
Amazon Elastic Container Service (ECS) ecs:ListClusters
Amazon ECS Container Insights ecs:ListClusters
Amazon ElastiCache (EC) elasticache:DescribeCacheClusters
AWS Elastic Beanstalk elasticbeanstalk:DescribeEnvironments
Amazon Elastic File System (EFS) elasticfilesystem:DescribeFileSystems
Amazon Elastic Inference
Amazon Elastic Map Reduce (EMR) elasticmapreduce:ListClusters
Amazon Elasticsearch Service (ES) es:ListDomainNames
Amazon Elastic Transcoder elastictranscoder:ListPipelines
Amazon Elastic Load Balancer (ELB) (built-in) elasticloadbalancing:DescribeInstanceHealth, elasticloadbalancing:DescribeListeners, elasticloadbalancing:DescribeLoadBalancers, elasticloadbalancing:DescribeRules, elasticloadbalancing:DescribeTags, elasticloadbalancing:DescribeTargetHealth
Amazon EventBridge events:ListEventBuses
Amazon FSx fsx:DescribeFileSystems
Amazon GameLift gamelift:ListFleets
AWS Glue glue:GetJobs
Amazon Inspector inspector:ListAssessmentTemplates
AWS Internet of Things (IoT)
AWS IoT Analytics
Amazon Managed Streaming for Kafka kafka:ListClusters
Amazon Kinesis Data Analytics kinesisanalytics:ListApplications
Amazon Data Firehose firehose:ListDeliveryStreams
Amazon Kinesis Data Streams kinesis:ListStreams
Amazon Kinesis Video Streams kinesisvideo:ListStreams
AWS Lambda lambda:ListFunctions
AWS Lambda (built-in) lambda:ListFunctions, lambda:ListTags
Amazon Lex lex:GetBots
Amazon Application and Network Load Balancer (built-in) elasticloadbalancing:DescribeInstanceHealth, elasticloadbalancing:DescribeListeners, elasticloadbalancing:DescribeLoadBalancers, elasticloadbalancing:DescribeRules, elasticloadbalancing:DescribeTags, elasticloadbalancing:DescribeTargetHealth
Amazon CloudWatch Logs logs:DescribeLogGroups
AWS Elemental MediaConnect mediaconnect:ListFlows
AWS Elemental MediaConvert mediaconvert:DescribeEndpoints
AWS Elemental MediaPackage Live mediapackage:ListChannels
AWS Elemental MediaPackage Video on Demand mediapackage-vod:ListPackagingConfigurations
AWS Elemental MediaTailor mediatailor:ListPlaybackConfigurations
Amazon VPC NAT Gateways ec2:DescribeNatGateways
Amazon Neptune rds:DescribeDBClusters
AWS OpsWorks opsworks:DescribeStacks
Amazon Polly
Amazon QLDB qldb:ListLedgers
Amazon RDS rds:DescribeDBInstances
Amazon RDS (built-in) rds:DescribeDBInstances, rds:DescribeEvents, rds:ListTagsForResource
Amazon Redshift redshift:DescribeClusters
Amazon Rekognition
AWS RoboMaker robomaker:ListSimulationJobs
Amazon Route 53 route53:ListHostedZones
Amazon Route 53 Resolver route53resolver:ListResolverEndpoints
Amazon S3 s3:ListAllMyBuckets
Amazon S3 (built-in) s3:ListAllMyBuckets
Amazon SageMaker Batch Transform Jobs
Amazon SageMaker Endpoint Instances sagemaker:ListEndpoints
Amazon SageMaker Endpoints sagemaker:ListEndpoints
Amazon SageMaker Ground Truth
Amazon SageMaker Processing Jobs
Amazon SageMaker Training Jobs
AWS Service Catalog
Amazon Simple Email Service (SES)
Amazon Simple Notification Service (SNS) sns:ListTopics
Amazon Simple Queue Service (SQS) sqs:ListQueues
AWS Systems Manager - Run Command
AWS Step Functions
AWS Storage Gateway storagegateway:ListGateways
Amazon SWF swf:ListDomains
Amazon Textract
AWS IoT Things Graph
AWS Transfer Family transfer:ListServers
AWS Transit Gateway ec2:DescribeTransitGateways
Amazon Translate
AWS Trusted Advisor
AWS API Usage
AWS Site-to-Site VPN ec2:DescribeVpnConnections
AWS WAF Classic
AWS WAF
Amazon WorkMail workmail:ListOrganizations
Amazon WorkSpaces workspaces:DescribeWorkspaces

Example of JSON policy for one single service.

JSON policy for Amazon API Gateway

{



"Version": "2012-10-17",



"Statement": [



{



"Sid": "VisualEditor0",



"Effect": "Allow",



"Action": [



"apigateway:GET",



"cloudwatch:GetMetricData",



"cloudwatch:GetMetricStatistics",



"cloudwatch:ListMetrics",



"sts:GetCallerIdentity",



"tag:GetResources",



"tag:GetTagKeys",



"ec2:DescribeAvailabilityZones"



],



"Resource": "*"



}



]



}

In this example, from the complete list of permissions you need to select

  • "apigateway:GET" for Amazon API Gateway
  • "cloudwatch:GetMetricData", "cloudwatch:GetMetricStatistics", "cloudwatch:ListMetrics", "sts:GetCallerIdentity", "tag:GetResources", "tag:GetTagKeys", and "ec2:DescribeAvailabilityZones" for All AWS cloud services.

AWS endpoints that need to be reachable from ActiveGate with corresponding AWS services

Endpoint Service
autoscaling.<REGION>.amazonaws.com Amazon EC2 Auto Scaling (built-in), Amazon EC2 Auto Scaling
lambda.<REGION>.amazonaws.com AWS Lambda (built-in), AWS Lambda
elasticloadbalancing.<REGION>.amazonaws.com Amazon Application and Network Load Balancer (built-in), Amazon Elastic Load Balancer (ELB) (built-in)
dynamodb.<REGION>.amazonaws.com Amazon DynamoDB (built-in), Amazon DynamoDB
ec2.<REGION>.amazonaws.com Amazon EBS (built-in), Amazon EC2 (built-in), Amazon EBS, Amazon EC2 Spot Fleet, Amazon VPC NAT Gateways, AWS Transit Gateway, AWS Site-to-Site VPN
rds.<REGION>.amazonaws.com Amazon RDS (built-in), Amazon Aurora, Amazon DocumentDB, Amazon Neptune, Amazon RDS
s3.<REGION>.amazonaws.com Amazon S3 (built-in)
acm-pca.<REGION>.amazonaws.com AWS Certificate Manager Private Certificate Authority
apigateway.<REGION>.amazonaws.com Amazon API Gateway
apprunner.<REGION>.amazonaws.com AWS App Runner
appstream2.<REGION>.amazonaws.com Amazon AppStream
appsync.<REGION>.amazonaws.com AWS AppSync
athena.<REGION>.amazonaws.com Amazon Athena
cloudfront.amazonaws.com Amazon CloudFront
cloudhsmv2.<REGION>.amazonaws.com AWS CloudHSM
cloudsearch.<REGION>.amazonaws.com Amazon CloudSearch
codebuild.<REGION>.amazonaws.com AWS CodeBuild
datasync.<REGION>.amazonaws.com AWS DataSync
dax.<REGION>.amazonaws.com Amazon DynamoDB Accelerator (DAX)
dms.<REGION>.amazonaws.com AWS Database Migration Service (AWS DMS)
directconnect.<REGION>.amazonaws.com AWS Direct Connect
ecs.<REGION>.amazonaws.com Amazon Elastic Container Service (ECS), Amazon ECS Container Insights
elasticfilesystem.<REGION>.amazonaws.com Amazon Elastic File System (EFS)
eks.<REGION>.amazonaws.com Amazon Elastic Kubernetes Service (EKS)
elasticache.<REGION>.amazonaws.com Amazon ElastiCache (EC)
elasticbeanstalk.<REGION>.amazonaws.com AWS Elastic Beanstalk
elastictranscoder.<REGION>.amazonaws.com Amazon Elastic Transcoder
es.<REGION>.amazonaws.com Amazon Elasticsearch Service (ES)
events.<REGION>.amazonaws.com Amazon EventBridge
fsx.<REGION>.amazonaws.com Amazon FSx
gamelift.<REGION>.amazonaws.com Amazon GameLift
glue.<REGION>.amazonaws.com AWS Glue
inspector.<REGION>.amazonaws.com Amazon Inspector
kafka.<REGION>.amazonaws.com Amazon Managed Streaming for Kafka
models.lex.<REGION>.amazonaws.com Amazon Lex
logs.<REGION>.amazonaws.com Amazon CloudWatch Logs
api.mediatailor.<REGION>.amazonaws.com AWS Elemental MediaTailor
mediaconnect.<REGION>.amazonaws.com AWS Elemental MediaConnect
mediapackage.<REGION>.amazonaws.com AWS Elemental MediaPackage Live
mediapackage-vod.<REGION>.amazonaws.com AWS Elemental MediaPackage Video on Demand
opsworks.<REGION>.amazonaws.com AWS OpsWorks
qldb.<REGION>.amazonaws.com Amazon QLDB
redshift.<REGION>.amazonaws.com Amazon Redshift
robomaker.<REGION>.amazonaws.com AWS RoboMaker
route53.amazonaws.com Amazon Route 53
route53resolver.<REGION>.amazonaws.com Amazon Route 53 Resolver
api.sagemaker.<REGION>.amazonaws.com Amazon SageMaker Endpoints, Amazon SageMaker Endpoint Instances
sns.<REGION>.amazonaws.com Amazon Simple Notification Service (SNS)
sqs.<REGION>.amazonaws.com Amazon Simple Queue Service (SQS)
storagegateway.<REGION>.amazonaws.com AWS Storage Gateway
swf.<REGION>.amazonaws.com Amazon SWF
transfer.<REGION>.amazonaws.com AWS Transfer Family
workmail.<REGION>.amazonaws.com Amazon WorkMail
workspaces.<REGION>.amazonaws.com Amazon WorkSpaces

Enable monitoring

To learn how to enable service monitoring, see Enable service monitoring.

View service metrics

You can view the service metrics in your Dynatrace environment either on the custom device overview page or on your Dashboards page.

View metrics on the custom device overview page

To access the custom device overview page

  1. Go to Technologies Technologies & Processes Classic.
  2. Filter by service name and select the relevant custom device group.
  3. Once you select the custom device group, you're on the custom device group overview page.
  4. The custom device group overview page lists all instances (custom devices) belonging to the group. Select an instance to view the custom device overview page.

View metrics on your dashboard

After you add the service to monitoring, a preset dashboard containing all recommended metrics is automatically listed on your Dashboards page. To look for specific dashboards, filter by Preset and then by Name.

AWS presets

For existing monitored services, you might need to resave your credentials for the preset dashboard to appear on the Dashboards page. To resave your credentials, go to Settings > Cloud and virtualization > AWS, select the desired AWS instance, and then select Save.

You can't make changes on a preset dashboard directly, but you can clone and edit it. To clone a dashboard, open the browse menu (…) and select Clone.

To remove a dashboard from the dashboards page, you can hide it. To hide a dashboard, open the browse menu (…) and select Hide.

Hiding a dashboard doesn't affect other users.

Clone hide AWS

To check the availability of preset dashboards for each AWS service, see the list below.

Preset dashboard availability list

AWS service Preset dashboard
Amazon EC2 Auto Scaling (built-in) Not applicable
AWS Lambda (built-in) Not applicable
Amazon Application and Network Load Balancer (built-in) Not applicable
Amazon DynamoDB (built-in) Not applicable
Amazon EBS (built-in) Not applicable
Amazon EC2 (built-in) Not applicable
Amazon Elastic Load Balancer (ELB) (built-in) Not applicable
Amazon RDS (built-in) Not applicable
Amazon S3 (built-in) Not applicable
AWS Certificate Manager Private Certificate Authority Not applicable
All monitored Amazon services Not applicable
Amazon API Gateway Not applicable
AWS App Runner Not applicable
Amazon AppStream Applicable
AWS AppSync Applicable
Amazon Athena Applicable
Amazon Aurora Not applicable
Amazon EC2 Auto Scaling Applicable
AWS Billing Applicable
Amazon Keyspaces Applicable
AWS Chatbot Applicable
Amazon CloudFront Not applicable
AWS CloudHSM Applicable
Amazon CloudSearch Applicable
AWS CodeBuild Applicable
Amazon Cognito Not applicable
Amazon Connect Applicable
AWS DataSync Applicable
Amazon DynamoDB Accelerator (DAX) Applicable
AWS Database Migration Service (AWS DMS) Applicable
Amazon DocumentDB Applicable
AWS Direct Connect Applicable
Amazon DynamoDB Not applicable
Amazon EBS Not applicable
Amazon EC2 Spot Fleet Not applicable
Amazon EC2 API Applicable
Amazon Elastic Container Service (ECS) Not applicable
Amazon ECS Container Insights Applicable
Amazon Elastic File System (EFS) Not applicable
Amazon Elastic Kubernetes Service (EKS) Applicable
Amazon ElastiCache (EC) Not applicable
AWS Elastic Beanstalk Applicable
Amazon Elastic Inference Applicable
Amazon Elastic Transcoder Applicable
Amazon Elastic Map Reduce (EMR) Not applicable
Amazon Elasticsearch Service (ES) Not applicable
Amazon EventBridge Applicable
Amazon FSx Applicable
Amazon GameLift Applicable
AWS Glue Not applicable
Amazon Inspector Applicable
AWS Internet of Things (IoT) Not applicable
AWS IoT Things Graph Applicable
AWS IoT Analytics Applicable
Amazon Managed Streaming for Kafka Applicable
Amazon Kinesis Data Analytics Not applicable
Amazon Data Firehose Not applicable
Amazon Kinesis Data Streams Not applicable
Amazon Kinesis Video Streams Not applicable
AWS Lambda Not applicable
Amazon Lex Applicable
Amazon CloudWatch Logs Applicable
AWS Elemental MediaTailor Applicable
AWS Elemental MediaConnect Applicable
AWS Elemental MediaConvert Applicable
AWS Elemental MediaPackage Live Applicable
AWS Elemental MediaPackage Video on Demand Applicable
Amazon MQ Applicable
Amazon VPC NAT Gateways Not applicable
Amazon Neptune Applicable
AWS OpsWorks Applicable
Amazon Polly Applicable
Amazon QLDB Applicable
Amazon RDS Not applicable
Amazon Redshift Not applicable
Amazon Rekognition Applicable
AWS RoboMaker Applicable
Amazon Route 53 Applicable
Amazon Route 53 Resolver Applicable
Amazon S3 Not applicable
Amazon SageMaker Batch Transform Jobs Not applicable
Amazon SageMaker Endpoints Not applicable
Amazon SageMaker Endpoint Instances Not applicable
Amazon SageMaker Ground Truth Not applicable
Amazon SageMaker Processing Jobs Not applicable
Amazon SageMaker Training Jobs Not applicable
AWS Service Catalog Applicable
Amazon Simple Email Service (SES) Not applicable
Amazon Simple Notification Service (SNS) Not applicable
Amazon Simple Queue Service (SQS) Not applicable
AWS Systems Manager - Run Command Applicable
AWS Step Functions Applicable
AWS Storage Gateway Applicable
Amazon SWF Applicable
Amazon Textract Applicable
AWS Transfer Family Applicable
AWS Transit Gateway Applicable
Amazon Translate Applicable
AWS Trusted Advisor Applicable
AWS API Usage Applicable
AWS Site-to-Site VPN Applicable
AWS WAF Classic Applicable
AWS WAF Applicable
Amazon WorkMail Applicable
Amazon WorkSpaces Applicable

Appsync

Available metrics

GraphQLAPIId is the main dimension.

Name Description Unit Statistics Dimensions Recommended
ActiveConnections The number of concurrent WebSocket connections from clients to AWS AppSync in 1 minute Count Sum GraphQLAPIId Applicable
ActiveSubscriptions The number of concurrent subscriptions from clients in 1 minute Count Sum GraphQLAPIId Applicable
ConnectClientError The number of WebSocket connections that were rejected by AWS AppSync because of client-side errors Count Sum GraphQLAPIId Applicable
ConnectServerError The number of errors that originated from AWS AppSync while processing connections Count Sum GraphQLAPIId Applicable
ConnectSuccess The number of successful WebSocket connections to AWS AppSync Count Sum GraphQLAPIId Applicable
ConnectionDuration The amount of time that the connection stays open Milliseconds Multi GraphQLAPIId Applicable
DisconnectClientError The number of errors that originated from AWS AppSync when disconnecting WebSocket connections due to client-side errors Count Sum GraphQLAPIId Applicable
DisconnectServerError The number of errors that originated from AWS AppSync when disconnecting WebSocket connections while processing connections Count Sum GraphQLAPIId Applicable
DisconnectSuccess The number of successful WebSocket disconnections from AWS AppSync Count Sum GraphQLAPIId Applicable
Latency The time between when AWS AppSync receives a request from a client and when it returns a response to the client Milliseconds Multi GraphQLAPIId Applicable
PublishDataMessageClientError The number of subscription event messages that failed to publish because of client-side errors Count Sum GraphQLAPIId Applicable
PublishDataMessageServerError The number of errors that originated from AWS AppSync while publishing subscription event messages Count Sum GraphQLAPIId Applicable
PublishDataMessageSize The size of subscription event messages published Bytes Multi GraphQLAPIId Applicable
PublishDataMessageSize Bytes Sum GraphQLAPIId Applicable
PublishDataMessageSuccess The number of subscription event messages that were successfully published Count Sum GraphQLAPIId Applicable
SubscribeServerError The number of errors that originated from AWS AppSync while processing subscriptions Count Sum GraphQLAPIId Applicable
SubscribeSuccess The number of subscriptions that were successfully registered to AWS AppSync through WebSocket Count Sum GraphQLAPIId Applicable
UnsubscribeClientError The number of unsubscriptions that were rejected by AWS AppSync because of client-side errors Count Sum GraphQLAPIId Applicable
UnsubscribeServerError The number of errors that originated from AWS AppSync while processing unsubscriptions Count Sum GraphQLAPIId Applicable
UnsubscribeSuccess The number of unsubscriptions that were successfully processed from AWS AppSync Count Sum GraphQLAPIId Applicable
4XXError The number of client-side errors captured in a given period Count Sum GraphQLAPIId Applicable
5XXError The number of server-side errors captured in a given period Count Sum GraphQLAPIId Applicable

Limitations

While Dynatrace doesn't support WebSocket traffic, the AppSync integration shows the WebSocket URL as part of the properties for the custom devices that are created.


Source: aws-service-chatbot.md


title: AWS Chatbot monitoring source: https://www.dynatrace.com/docs/ingest-from/amazon-web-services/integrate-with-aws/aws-all-services/aws-service-chatbot scraped: 2026-02-16T21:31:40.951444


AWS Chatbot monitoring

AWS Chatbot monitoring

  • How-to guide
  • 1-min read
  • Published Sep 08, 2020

Dynatrace ingests metrics for multiple preselected namespaces, including AWS Chatbot. You can view metrics for each service instance, split metrics into multiple dimensions, and create custom charts that you can pin to your dashboards.

Prerequisites

To enable monitoring for this service, you need

  • ActiveGate version 1.197+

  • For Dynatrace SaaS deployments, you need an Environment ActiveGate or a Multi-environment ActiveGate.

For role-based access in a SaaS deployment, you need an Environment ActiveGate installed on an Amazon EC2 host.

To update the AWS IAM policy, use the JSON below, containing the monitoring policy (permissions) for all supporting services.

JSON predefined policy for all supporting services

{



"Version": "2012-10-17",



"Statement": [



{



"Sid": "VisualEditor0",



"Effect": "Allow",



"Action": [



"acm-pca:ListCertificateAuthorities",



"apigateway:GET",



"apprunner:ListServices",



"appstream:DescribeFleets",



"appsync:ListGraphqlApis",



"athena:ListWorkGroups",



"autoscaling:DescribeAutoScalingGroups",



"cloudformation:ListStackResources",



"cloudfront:ListDistributions",



"cloudhsm:DescribeClusters",



"cloudsearch:DescribeDomains",



"cloudwatch:GetMetricData",



"cloudwatch:GetMetricStatistics",



"cloudwatch:ListMetrics",



"codebuild:ListProjects",



"datasync:ListTasks",



"dax:DescribeClusters",



"directconnect:DescribeConnections",



"dms:DescribeReplicationInstances",



"dynamodb:ListTables",



"dynamodb:ListTagsOfResource",



"ec2:DescribeAvailabilityZones",



"ec2:DescribeInstances",



"ec2:DescribeNatGateways",



"ec2:DescribeSpotFleetRequests",



"ec2:DescribeTransitGateways",



"ec2:DescribeVolumes",



"ec2:DescribeVpnConnections",



"ecs:ListClusters",



"eks:ListClusters",



"elasticache:DescribeCacheClusters",



"elasticbeanstalk:DescribeEnvironmentResources",



"elasticbeanstalk:DescribeEnvironments",



"elasticfilesystem:DescribeFileSystems",



"elasticloadbalancing:DescribeInstanceHealth",



"elasticloadbalancing:DescribeListeners",



"elasticloadbalancing:DescribeLoadBalancers",



"elasticloadbalancing:DescribeRules",



"elasticloadbalancing:DescribeTags",



"elasticloadbalancing:DescribeTargetHealth",



"elasticmapreduce:ListClusters",



"elastictranscoder:ListPipelines",



"es:ListDomainNames",



"events:ListEventBuses",



"firehose:ListDeliveryStreams",



"fsx:DescribeFileSystems",



"gamelift:ListFleets",



"glue:GetJobs",



"inspector:ListAssessmentTemplates",



"kafka:ListClusters",



"kinesis:ListStreams",



"kinesisanalytics:ListApplications",



"kinesisvideo:ListStreams",



"lambda:ListFunctions",



"lambda:ListTags",



"lex:GetBots",



"logs:DescribeLogGroups",



"mediaconnect:ListFlows",



"mediaconvert:DescribeEndpoints",



"mediapackage-vod:ListPackagingConfigurations",



"mediapackage:ListChannels",



"mediatailor:ListPlaybackConfigurations",



"opsworks:DescribeStacks",



"qldb:ListLedgers",



"rds:DescribeDBClusters",



"rds:DescribeDBInstances",



"rds:DescribeEvents",



"rds:ListTagsForResource",



"redshift:DescribeClusters",



"robomaker:ListSimulationJobs",



"route53:ListHostedZones",



"route53resolver:ListResolverEndpoints",



"s3:ListAllMyBuckets",



"sagemaker:ListEndpoints",



"sns:ListTopics",



"sqs:ListQueues",



"storagegateway:ListGateways",



"sts:GetCallerIdentity",



"swf:ListDomains",



"tag:GetResources",



"tag:GetTagKeys",



"transfer:ListServers",



"workmail:ListOrganizations",



"workspaces:DescribeWorkspaces"



],



"Resource": "*"



}



]



}

If you don't want to add permissions to all services, and just select permissions for certain services, consult the table below. The table contains a set of permissions that are required for All AWS cloud services and, for each supporting service, a list of optional permissions specific to that service.

Permissions required for AWS monitoring integration:

  • "cloudwatch:GetMetricData"
  • "cloudwatch:GetMetricStatistics"
  • "cloudwatch:ListMetrics"
  • "sts:GetCallerIdentity"
  • "tag:GetResources"
  • "tag:GetTagKeys"
  • "ec2:DescribeAvailabilityZones"

Complete list of permissions for cloud services

Name Permissions
All monitored Amazon services Required cloudwatch:GetMetricData, cloudwatch:GetMetricStatistics, cloudwatch:ListMetrics, sts:GetCallerIdentity, tag:GetResources, tag:GetTagKeys, ec2:DescribeAvailabilityZones
AWS Certificate Manager Private Certificate Authority acm-pca:ListCertificateAuthorities
Amazon MQ
Amazon API Gateway apigateway:GET
AWS App Runner apprunner:ListServices
Amazon AppStream appstream:DescribeFleets
AWS AppSync appsync:ListGraphqlApis
Amazon Athena athena:ListWorkGroups
Amazon Aurora rds:DescribeDBClusters
Amazon EC2 Auto Scaling autoscaling:DescribeAutoScalingGroups
Amazon EC2 Auto Scaling (built-in) autoscaling:DescribeAutoScalingGroups
AWS Billing
Amazon Keyspaces
AWS Chatbot
Amazon CloudFront cloudfront:ListDistributions
AWS CloudHSM cloudhsm:DescribeClusters
Amazon CloudSearch cloudsearch:DescribeDomains
AWS CodeBuild codebuild:ListProjects
Amazon Cognito
Amazon Connect
Amazon Elastic Kubernetes Service (EKS) eks:ListClusters
AWS DataSync datasync:ListTasks
Amazon DynamoDB Accelerator (DAX) dax:DescribeClusters
AWS Database Migration Service (AWS DMS) dms:DescribeReplicationInstances
Amazon DocumentDB rds:DescribeDBClusters
AWS Direct Connect directconnect:DescribeConnections
Amazon DynamoDB dynamodb:ListTables
Amazon DynamoDB (built-in) dynamodb:ListTables, dynamodb:ListTagsOfResource
Amazon EBS ec2:DescribeVolumes
Amazon EBS (built-in) ec2:DescribeVolumes
Amazon EC2 API
Amazon EC2 (built-in) ec2:DescribeInstances
Amazon EC2 Spot Fleet ec2:DescribeSpotFleetRequests
Amazon Elastic Container Service (ECS) ecs:ListClusters
Amazon ECS Container Insights ecs:ListClusters
Amazon ElastiCache (EC) elasticache:DescribeCacheClusters
AWS Elastic Beanstalk elasticbeanstalk:DescribeEnvironments
Amazon Elastic File System (EFS) elasticfilesystem:DescribeFileSystems
Amazon Elastic Inference
Amazon Elastic Map Reduce (EMR) elasticmapreduce:ListClusters
Amazon Elasticsearch Service (ES) es:ListDomainNames
Amazon Elastic Transcoder elastictranscoder:ListPipelines
Amazon Elastic Load Balancer (ELB) (built-in) elasticloadbalancing:DescribeInstanceHealth, elasticloadbalancing:DescribeListeners, elasticloadbalancing:DescribeLoadBalancers, elasticloadbalancing:DescribeRules, elasticloadbalancing:DescribeTags, elasticloadbalancing:DescribeTargetHealth
Amazon EventBridge events:ListEventBuses
Amazon FSx fsx:DescribeFileSystems
Amazon GameLift gamelift:ListFleets
AWS Glue glue:GetJobs
Amazon Inspector inspector:ListAssessmentTemplates
AWS Internet of Things (IoT)
AWS IoT Analytics
Amazon Managed Streaming for Kafka kafka:ListClusters
Amazon Kinesis Data Analytics kinesisanalytics:ListApplications
Amazon Data Firehose firehose:ListDeliveryStreams
Amazon Kinesis Data Streams kinesis:ListStreams
Amazon Kinesis Video Streams kinesisvideo:ListStreams
AWS Lambda lambda:ListFunctions
AWS Lambda (built-in) lambda:ListFunctions, lambda:ListTags
Amazon Lex lex:GetBots
Amazon Application and Network Load Balancer (built-in) elasticloadbalancing:DescribeInstanceHealth, elasticloadbalancing:DescribeListeners, elasticloadbalancing:DescribeLoadBalancers, elasticloadbalancing:DescribeRules, elasticloadbalancing:DescribeTags, elasticloadbalancing:DescribeTargetHealth
Amazon CloudWatch Logs logs:DescribeLogGroups
AWS Elemental MediaConnect mediaconnect:ListFlows
AWS Elemental MediaConvert mediaconvert:DescribeEndpoints
AWS Elemental MediaPackage Live mediapackage:ListChannels
AWS Elemental MediaPackage Video on Demand mediapackage-vod:ListPackagingConfigurations
AWS Elemental MediaTailor mediatailor:ListPlaybackConfigurations
Amazon VPC NAT Gateways ec2:DescribeNatGateways
Amazon Neptune rds:DescribeDBClusters
AWS OpsWorks opsworks:DescribeStacks
Amazon Polly
Amazon QLDB qldb:ListLedgers
Amazon RDS rds:DescribeDBInstances
Amazon RDS (built-in) rds:DescribeDBInstances, rds:DescribeEvents, rds:ListTagsForResource
Amazon Redshift redshift:DescribeClusters
Amazon Rekognition
AWS RoboMaker robomaker:ListSimulationJobs
Amazon Route 53 route53:ListHostedZones
Amazon Route 53 Resolver route53resolver:ListResolverEndpoints
Amazon S3 s3:ListAllMyBuckets
Amazon S3 (built-in) s3:ListAllMyBuckets
Amazon SageMaker Batch Transform Jobs
Amazon SageMaker Endpoint Instances sagemaker:ListEndpoints
Amazon SageMaker Endpoints sagemaker:ListEndpoints
Amazon SageMaker Ground Truth
Amazon SageMaker Processing Jobs
Amazon SageMaker Training Jobs
AWS Service Catalog
Amazon Simple Email Service (SES)
Amazon Simple Notification Service (SNS) sns:ListTopics
Amazon Simple Queue Service (SQS) sqs:ListQueues
AWS Systems Manager - Run Command
AWS Step Functions
AWS Storage Gateway storagegateway:ListGateways
Amazon SWF swf:ListDomains
Amazon Textract
AWS IoT Things Graph
AWS Transfer Family transfer:ListServers
AWS Transit Gateway ec2:DescribeTransitGateways
Amazon Translate
AWS Trusted Advisor
AWS API Usage
AWS Site-to-Site VPN ec2:DescribeVpnConnections
AWS WAF Classic
AWS WAF
Amazon WorkMail workmail:ListOrganizations
Amazon WorkSpaces workspaces:DescribeWorkspaces

Example of JSON policy for one single service.

JSON policy for Amazon API Gateway

{



"Version": "2012-10-17",



"Statement": [



{



"Sid": "VisualEditor0",



"Effect": "Allow",



"Action": [



"apigateway:GET",



"cloudwatch:GetMetricData",



"cloudwatch:GetMetricStatistics",



"cloudwatch:ListMetrics",



"sts:GetCallerIdentity",



"tag:GetResources",



"tag:GetTagKeys",



"ec2:DescribeAvailabilityZones"



],



"Resource": "*"



}



]



}

In this example, from the complete list of permissions you need to select

  • "apigateway:GET" for Amazon API Gateway
  • "cloudwatch:GetMetricData", "cloudwatch:GetMetricStatistics", "cloudwatch:ListMetrics", "sts:GetCallerIdentity", "tag:GetResources", "tag:GetTagKeys", and "ec2:DescribeAvailabilityZones" for All AWS cloud services.

Enable monitoring

To learn how to enable service monitoring, see Enable service monitoring.

View service metrics

You can view the service metrics in your Dynatrace environment either on the custom device overview page or on your Dashboards page.

View metrics on the custom device overview page

To access the custom device overview page

  1. Go to Technologies Technologies & Processes Classic.
  2. Filter by service name and select the relevant custom device group.
  3. Once you select the custom device group, you're on the custom device group overview page.
  4. The custom device group overview page lists all instances (custom devices) belonging to the group. Select an instance to view the custom device overview page.

View metrics on your dashboard

After you add the service to monitoring, a preset dashboard containing all recommended metrics is automatically listed on your Dashboards page. To look for specific dashboards, filter by Preset and then by Name.

AWS presets

For existing monitored services, you might need to resave your credentials for the preset dashboard to appear on the Dashboards page. To resave your credentials, go to Settings > Cloud and virtualization > AWS, select the desired AWS instance, and then select Save.

You can't make changes on a preset dashboard directly, but you can clone and edit it. To clone a dashboard, open the browse menu (…) and select Clone.

To remove a dashboard from the dashboards page, you can hide it. To hide a dashboard, open the browse menu (…) and select Hide.

Hiding a dashboard doesn't affect other users.

Clone hide AWS

To check the availability of preset dashboards for each AWS service, see the list below.

Preset dashboard availability list

AWS service Preset dashboard
Amazon EC2 Auto Scaling (built-in) Not applicable
AWS Lambda (built-in) Not applicable
Amazon Application and Network Load Balancer (built-in) Not applicable
Amazon DynamoDB (built-in) Not applicable
Amazon EBS (built-in) Not applicable
Amazon EC2 (built-in) Not applicable
Amazon Elastic Load Balancer (ELB) (built-in) Not applicable
Amazon RDS (built-in) Not applicable
Amazon S3 (built-in) Not applicable
AWS Certificate Manager Private Certificate Authority Not applicable
All monitored Amazon services Not applicable
Amazon API Gateway Not applicable
AWS App Runner Not applicable
Amazon AppStream Applicable
AWS AppSync Applicable
Amazon Athena Applicable
Amazon Aurora Not applicable
Amazon EC2 Auto Scaling Applicable
AWS Billing Applicable
Amazon Keyspaces Applicable
AWS Chatbot Applicable
Amazon CloudFront Not applicable
AWS CloudHSM Applicable
Amazon CloudSearch Applicable
AWS CodeBuild Applicable
Amazon Cognito Not applicable
Amazon Connect Applicable
AWS DataSync Applicable
Amazon DynamoDB Accelerator (DAX) Applicable
AWS Database Migration Service (AWS DMS) Applicable
Amazon DocumentDB Applicable
AWS Direct Connect Applicable
Amazon DynamoDB Not applicable
Amazon EBS Not applicable
Amazon EC2 Spot Fleet Not applicable
Amazon EC2 API Applicable
Amazon Elastic Container Service (ECS) Not applicable
Amazon ECS Container Insights Applicable
Amazon Elastic File System (EFS) Not applicable
Amazon Elastic Kubernetes Service (EKS) Applicable
Amazon ElastiCache (EC) Not applicable
AWS Elastic Beanstalk Applicable
Amazon Elastic Inference Applicable
Amazon Elastic Transcoder Applicable
Amazon Elastic Map Reduce (EMR) Not applicable
Amazon Elasticsearch Service (ES) Not applicable
Amazon EventBridge Applicable
Amazon FSx Applicable
Amazon GameLift Applicable
AWS Glue Not applicable
Amazon Inspector Applicable
AWS Internet of Things (IoT) Not applicable
AWS IoT Things Graph Applicable
AWS IoT Analytics Applicable
Amazon Managed Streaming for Kafka Applicable
Amazon Kinesis Data Analytics Not applicable
Amazon Data Firehose Not applicable
Amazon Kinesis Data Streams Not applicable
Amazon Kinesis Video Streams Not applicable
AWS Lambda Not applicable
Amazon Lex Applicable
Amazon CloudWatch Logs Applicable
AWS Elemental MediaTailor Applicable
AWS Elemental MediaConnect Applicable
AWS Elemental MediaConvert Applicable
AWS Elemental MediaPackage Live Applicable
AWS Elemental MediaPackage Video on Demand Applicable
Amazon MQ Applicable
Amazon VPC NAT Gateways Not applicable
Amazon Neptune Applicable
AWS OpsWorks Applicable
Amazon Polly Applicable
Amazon QLDB Applicable
Amazon RDS Not applicable
Amazon Redshift Not applicable
Amazon Rekognition Applicable
AWS RoboMaker Applicable
Amazon Route 53 Applicable
Amazon Route 53 Resolver Applicable
Amazon S3 Not applicable
Amazon SageMaker Batch Transform Jobs Not applicable
Amazon SageMaker Endpoints Not applicable
Amazon SageMaker Endpoint Instances Not applicable
Amazon SageMaker Ground Truth Not applicable
Amazon SageMaker Processing Jobs Not applicable
Amazon SageMaker Training Jobs Not applicable
AWS Service Catalog Applicable
Amazon Simple Email Service (SES) Not applicable
Amazon Simple Notification Service (SNS) Not applicable
Amazon Simple Queue Service (SQS) Not applicable
AWS Systems Manager - Run Command Applicable
AWS Step Functions Applicable
AWS Storage Gateway Applicable
Amazon SWF Applicable
Amazon Textract Applicable
AWS Transfer Family Applicable
AWS Transit Gateway Applicable
Amazon Translate Applicable
AWS Trusted Advisor Applicable
AWS API Usage Applicable
AWS Site-to-Site VPN Applicable
AWS WAF Classic Applicable
AWS WAF Applicable
Amazon WorkMail Applicable
Amazon WorkSpaces Applicable

Chatbot

Available metrics

ConfigurationName is the main dimension.

Name Description Unit Statistics Dimensions Recommended
EventsProcessed The number of event notifications received by AWS Chatbot Count Sum ConfigurationName Applicable
EventsProcessed Count Sum Region Applicable
EventsThrottled The number of throttled notifications Count Sum Region Applicable
MessageDeliveryFailure The number of messages that failed to deliver to the chat client Count Sum ConfigurationName Applicable
MessageDeliveryFailure Count Sum Region Applicable
MessageDeliverySuccess The number of messages successfully delivered to the chat client Count Sum ConfigurationName
MessageDeliverySuccess Count Sum Region
UnsupportedEvents The number of unsupported events or messages attempted Count Sum ConfigurationName Applicable
UnsupportedEvents Count Sum Region Applicable

Limitations

The metrics for throttled events are region-wide and have no dimension for any specific configuration.

Dynatrace entities of this AWS service are not enriched with the ARN property.


Source: aws-service-cloudhsm-v2.md


title: AWS CloudHSM (V2) monitoring source: https://www.dynatrace.com/docs/ingest-from/amazon-web-services/integrate-with-aws/aws-all-services/aws-service-cloudhsm-v2 scraped: 2026-02-16T09:27:46.600390


AWS CloudHSM (V2) monitoring

AWS CloudHSM (V2) monitoring

  • How-to guide
  • 4-min read
  • Published Jul 06, 2020

Dynatrace ingests metrics for multiple preselected namespaces, including AWS CloudHSM (V2). You can view metrics for each service instance, split metrics into multiple dimensions, and create custom charts that you can pin to your dashboards.

Prerequisites

To enable monitoring for this service, you need

  • ActiveGate version 1.197+

  • For Dynatrace SaaS deployments, you need an Environment ActiveGate or a Multi-environment ActiveGate.

For role-based access in SaaS deployment, you need an Environment ActiveGate installed on an Amazon EC2 host.

To update the AWS IAM policy, use the JSON below, containing the monitoring policy (permissions) for all supporting services.

JSON predefined policy for all supporting services

{



"Version": "2012-10-17",



"Statement": [



{



"Sid": "VisualEditor0",



"Effect": "Allow",



"Action": [



"acm-pca:ListCertificateAuthorities",



"apigateway:GET",



"apprunner:ListServices",



"appstream:DescribeFleets",



"appsync:ListGraphqlApis",



"athena:ListWorkGroups",



"autoscaling:DescribeAutoScalingGroups",



"cloudformation:ListStackResources",



"cloudfront:ListDistributions",



"cloudhsm:DescribeClusters",



"cloudsearch:DescribeDomains",



"cloudwatch:GetMetricData",



"cloudwatch:GetMetricStatistics",



"cloudwatch:ListMetrics",



"codebuild:ListProjects",



"datasync:ListTasks",



"dax:DescribeClusters",



"directconnect:DescribeConnections",



"dms:DescribeReplicationInstances",



"dynamodb:ListTables",



"dynamodb:ListTagsOfResource",



"ec2:DescribeAvailabilityZones",



"ec2:DescribeInstances",



"ec2:DescribeNatGateways",



"ec2:DescribeSpotFleetRequests",



"ec2:DescribeTransitGateways",



"ec2:DescribeVolumes",



"ec2:DescribeVpnConnections",



"ecs:ListClusters",



"eks:ListClusters",



"elasticache:DescribeCacheClusters",



"elasticbeanstalk:DescribeEnvironmentResources",



"elasticbeanstalk:DescribeEnvironments",



"elasticfilesystem:DescribeFileSystems",



"elasticloadbalancing:DescribeInstanceHealth",



"elasticloadbalancing:DescribeListeners",



"elasticloadbalancing:DescribeLoadBalancers",



"elasticloadbalancing:DescribeRules",



"elasticloadbalancing:DescribeTags",



"elasticloadbalancing:DescribeTargetHealth",



"elasticmapreduce:ListClusters",



"elastictranscoder:ListPipelines",



"es:ListDomainNames",



"events:ListEventBuses",



"firehose:ListDeliveryStreams",



"fsx:DescribeFileSystems",



"gamelift:ListFleets",



"glue:GetJobs",



"inspector:ListAssessmentTemplates",



"kafka:ListClusters",



"kinesis:ListStreams",



"kinesisanalytics:ListApplications",



"kinesisvideo:ListStreams",



"lambda:ListFunctions",



"lambda:ListTags",



"lex:GetBots",



"logs:DescribeLogGroups",



"mediaconnect:ListFlows",



"mediaconvert:DescribeEndpoints",



"mediapackage-vod:ListPackagingConfigurations",



"mediapackage:ListChannels",



"mediatailor:ListPlaybackConfigurations",



"opsworks:DescribeStacks",



"qldb:ListLedgers",



"rds:DescribeDBClusters",



"rds:DescribeDBInstances",



"rds:DescribeEvents",



"rds:ListTagsForResource",



"redshift:DescribeClusters",



"robomaker:ListSimulationJobs",



"route53:ListHostedZones",



"route53resolver:ListResolverEndpoints",



"s3:ListAllMyBuckets",



"sagemaker:ListEndpoints",



"sns:ListTopics",



"sqs:ListQueues",



"storagegateway:ListGateways",



"sts:GetCallerIdentity",



"swf:ListDomains",



"tag:GetResources",



"tag:GetTagKeys",



"transfer:ListServers",



"workmail:ListOrganizations",



"workspaces:DescribeWorkspaces"



],



"Resource": "*"



}



]



}

If you don't want to add permissions to all services, and just select permissions for certain services, consult the table below. The table contains a set of permissions that are required for All AWS cloud services and, for each supporting service, a list of optional permissions specific to that service.

Permissions required for AWS monitoring integration:

  • "cloudwatch:GetMetricData"
  • "cloudwatch:GetMetricStatistics"
  • "cloudwatch:ListMetrics"
  • "sts:GetCallerIdentity"
  • "tag:GetResources"
  • "tag:GetTagKeys"
  • "ec2:DescribeAvailabilityZones"

Complete list of permissions for cloud services

Name Permissions
All monitored Amazon services Required cloudwatch:GetMetricData, cloudwatch:GetMetricStatistics, cloudwatch:ListMetrics, sts:GetCallerIdentity, tag:GetResources, tag:GetTagKeys, ec2:DescribeAvailabilityZones
AWS Certificate Manager Private Certificate Authority acm-pca:ListCertificateAuthorities
Amazon MQ
Amazon API Gateway apigateway:GET
AWS App Runner apprunner:ListServices
Amazon AppStream appstream:DescribeFleets
AWS AppSync appsync:ListGraphqlApis
Amazon Athena athena:ListWorkGroups
Amazon Aurora rds:DescribeDBClusters
Amazon EC2 Auto Scaling autoscaling:DescribeAutoScalingGroups
Amazon EC2 Auto Scaling (built-in) autoscaling:DescribeAutoScalingGroups
AWS Billing
Amazon Keyspaces
AWS Chatbot
Amazon CloudFront cloudfront:ListDistributions
AWS CloudHSM cloudhsm:DescribeClusters
Amazon CloudSearch cloudsearch:DescribeDomains
AWS CodeBuild codebuild:ListProjects
Amazon Cognito
Amazon Connect
Amazon Elastic Kubernetes Service (EKS) eks:ListClusters
AWS DataSync datasync:ListTasks
Amazon DynamoDB Accelerator (DAX) dax:DescribeClusters
AWS Database Migration Service (AWS DMS) dms:DescribeReplicationInstances
Amazon DocumentDB rds:DescribeDBClusters
AWS Direct Connect directconnect:DescribeConnections
Amazon DynamoDB dynamodb:ListTables
Amazon DynamoDB (built-in) dynamodb:ListTables, dynamodb:ListTagsOfResource
Amazon EBS ec2:DescribeVolumes
Amazon EBS (built-in) ec2:DescribeVolumes
Amazon EC2 API
Amazon EC2 (built-in) ec2:DescribeInstances
Amazon EC2 Spot Fleet ec2:DescribeSpotFleetRequests
Amazon Elastic Container Service (ECS) ecs:ListClusters
Amazon ECS Container Insights ecs:ListClusters
Amazon ElastiCache (EC) elasticache:DescribeCacheClusters
AWS Elastic Beanstalk elasticbeanstalk:DescribeEnvironments
Amazon Elastic File System (EFS) elasticfilesystem:DescribeFileSystems
Amazon Elastic Inference
Amazon Elastic Map Reduce (EMR) elasticmapreduce:ListClusters
Amazon Elasticsearch Service (ES) es:ListDomainNames
Amazon Elastic Transcoder elastictranscoder:ListPipelines
Amazon Elastic Load Balancer (ELB) (built-in) elasticloadbalancing:DescribeInstanceHealth, elasticloadbalancing:DescribeListeners, elasticloadbalancing:DescribeLoadBalancers, elasticloadbalancing:DescribeRules, elasticloadbalancing:DescribeTags, elasticloadbalancing:DescribeTargetHealth
Amazon EventBridge events:ListEventBuses
Amazon FSx fsx:DescribeFileSystems
Amazon GameLift gamelift:ListFleets
AWS Glue glue:GetJobs
Amazon Inspector inspector:ListAssessmentTemplates
AWS Internet of Things (IoT)
AWS IoT Analytics
Amazon Managed Streaming for Kafka kafka:ListClusters
Amazon Kinesis Data Analytics kinesisanalytics:ListApplications
Amazon Data Firehose firehose:ListDeliveryStreams
Amazon Kinesis Data Streams kinesis:ListStreams
Amazon Kinesis Video Streams kinesisvideo:ListStreams
AWS Lambda lambda:ListFunctions
AWS Lambda (built-in) lambda:ListFunctions, lambda:ListTags
Amazon Lex lex:GetBots
Amazon Application and Network Load Balancer (built-in) elasticloadbalancing:DescribeInstanceHealth, elasticloadbalancing:DescribeListeners, elasticloadbalancing:DescribeLoadBalancers, elasticloadbalancing:DescribeRules, elasticloadbalancing:DescribeTags, elasticloadbalancing:DescribeTargetHealth
Amazon CloudWatch Logs logs:DescribeLogGroups
AWS Elemental MediaConnect mediaconnect:ListFlows
AWS Elemental MediaConvert mediaconvert:DescribeEndpoints
AWS Elemental MediaPackage Live mediapackage:ListChannels
AWS Elemental MediaPackage Video on Demand mediapackage-vod:ListPackagingConfigurations
AWS Elemental MediaTailor mediatailor:ListPlaybackConfigurations
Amazon VPC NAT Gateways ec2:DescribeNatGateways
Amazon Neptune rds:DescribeDBClusters
AWS OpsWorks opsworks:DescribeStacks
Amazon Polly
Amazon QLDB qldb:ListLedgers
Amazon RDS rds:DescribeDBInstances
Amazon RDS (built-in) rds:DescribeDBInstances, rds:DescribeEvents, rds:ListTagsForResource
Amazon Redshift redshift:DescribeClusters
Amazon Rekognition
AWS RoboMaker robomaker:ListSimulationJobs
Amazon Route 53 route53:ListHostedZones
Amazon Route 53 Resolver route53resolver:ListResolverEndpoints
Amazon S3 s3:ListAllMyBuckets
Amazon S3 (built-in) s3:ListAllMyBuckets
Amazon SageMaker Batch Transform Jobs
Amazon SageMaker Endpoint Instances sagemaker:ListEndpoints
Amazon SageMaker Endpoints sagemaker:ListEndpoints
Amazon SageMaker Ground Truth
Amazon SageMaker Processing Jobs
Amazon SageMaker Training Jobs
AWS Service Catalog
Amazon Simple Email Service (SES)
Amazon Simple Notification Service (SNS) sns:ListTopics
Amazon Simple Queue Service (SQS) sqs:ListQueues
AWS Systems Manager - Run Command
AWS Step Functions
AWS Storage Gateway storagegateway:ListGateways
Amazon SWF swf:ListDomains
Amazon Textract
AWS IoT Things Graph
AWS Transfer Family transfer:ListServers
AWS Transit Gateway ec2:DescribeTransitGateways
Amazon Translate
AWS Trusted Advisor
AWS API Usage
AWS Site-to-Site VPN ec2:DescribeVpnConnections
AWS WAF Classic
AWS WAF
Amazon WorkMail workmail:ListOrganizations
Amazon WorkSpaces workspaces:DescribeWorkspaces

Example of JSON policy for one single service.

JSON policy for Amazon API Gateway

{



"Version": "2012-10-17",



"Statement": [



{



"Sid": "VisualEditor0",



"Effect": "Allow",



"Action": [



"apigateway:GET",



"cloudwatch:GetMetricData",



"cloudwatch:GetMetricStatistics",



"cloudwatch:ListMetrics",



"sts:GetCallerIdentity",



"tag:GetResources",



"tag:GetTagKeys",



"ec2:DescribeAvailabilityZones"



],



"Resource": "*"



}



]



}

In this example, from the complete list of permissions you need to select

  • "apigateway:GET" for Amazon API Gateway
  • "cloudwatch:GetMetricData", "cloudwatch:GetMetricStatistics", "cloudwatch:ListMetrics", "sts:GetCallerIdentity", "tag:GetResources", "tag:GetTagKeys", and "ec2:DescribeAvailabilityZones" for All AWS cloud services.

AWS endpoints that need to be reachable from ActiveGate with corresponding AWS services

Endpoint Service
autoscaling.<REGION>.amazonaws.com Amazon EC2 Auto Scaling (built-in), Amazon EC2 Auto Scaling
lambda.<REGION>.amazonaws.com AWS Lambda (built-in), AWS Lambda
elasticloadbalancing.<REGION>.amazonaws.com Amazon Application and Network Load Balancer (built-in), Amazon Elastic Load Balancer (ELB) (built-in)
dynamodb.<REGION>.amazonaws.com Amazon DynamoDB (built-in), Amazon DynamoDB
ec2.<REGION>.amazonaws.com Amazon EBS (built-in), Amazon EC2 (built-in), Amazon EBS, Amazon EC2 Spot Fleet, Amazon VPC NAT Gateways, AWS Transit Gateway, AWS Site-to-Site VPN
rds.<REGION>.amazonaws.com Amazon RDS (built-in), Amazon Aurora, Amazon DocumentDB, Amazon Neptune, Amazon RDS
s3.<REGION>.amazonaws.com Amazon S3 (built-in)
acm-pca.<REGION>.amazonaws.com AWS Certificate Manager Private Certificate Authority
apigateway.<REGION>.amazonaws.com Amazon API Gateway
apprunner.<REGION>.amazonaws.com AWS App Runner
appstream2.<REGION>.amazonaws.com Amazon AppStream
appsync.<REGION>.amazonaws.com AWS AppSync
athena.<REGION>.amazonaws.com Amazon Athena
cloudfront.amazonaws.com Amazon CloudFront
cloudhsmv2.<REGION>.amazonaws.com AWS CloudHSM
cloudsearch.<REGION>.amazonaws.com Amazon CloudSearch
codebuild.<REGION>.amazonaws.com AWS CodeBuild
datasync.<REGION>.amazonaws.com AWS DataSync
dax.<REGION>.amazonaws.com Amazon DynamoDB Accelerator (DAX)
dms.<REGION>.amazonaws.com AWS Database Migration Service (AWS DMS)
directconnect.<REGION>.amazonaws.com AWS Direct Connect
ecs.<REGION>.amazonaws.com Amazon Elastic Container Service (ECS), Amazon ECS Container Insights
elasticfilesystem.<REGION>.amazonaws.com Amazon Elastic File System (EFS)
eks.<REGION>.amazonaws.com Amazon Elastic Kubernetes Service (EKS)
elasticache.<REGION>.amazonaws.com Amazon ElastiCache (EC)
elasticbeanstalk.<REGION>.amazonaws.com AWS Elastic Beanstalk
elastictranscoder.<REGION>.amazonaws.com Amazon Elastic Transcoder
es.<REGION>.amazonaws.com Amazon Elasticsearch Service (ES)
events.<REGION>.amazonaws.com Amazon EventBridge
fsx.<REGION>.amazonaws.com Amazon FSx
gamelift.<REGION>.amazonaws.com Amazon GameLift
glue.<REGION>.amazonaws.com AWS Glue
inspector.<REGION>.amazonaws.com Amazon Inspector
kafka.<REGION>.amazonaws.com Amazon Managed Streaming for Kafka
models.lex.<REGION>.amazonaws.com Amazon Lex
logs.<REGION>.amazonaws.com Amazon CloudWatch Logs
api.mediatailor.<REGION>.amazonaws.com AWS Elemental MediaTailor
mediaconnect.<REGION>.amazonaws.com AWS Elemental MediaConnect
mediapackage.<REGION>.amazonaws.com AWS Elemental MediaPackage Live
mediapackage-vod.<REGION>.amazonaws.com AWS Elemental MediaPackage Video on Demand
opsworks.<REGION>.amazonaws.com AWS OpsWorks
qldb.<REGION>.amazonaws.com Amazon QLDB
redshift.<REGION>.amazonaws.com Amazon Redshift
robomaker.<REGION>.amazonaws.com AWS RoboMaker
route53.amazonaws.com Amazon Route 53
route53resolver.<REGION>.amazonaws.com Amazon Route 53 Resolver
api.sagemaker.<REGION>.amazonaws.com Amazon SageMaker Endpoints, Amazon SageMaker Endpoint Instances
sns.<REGION>.amazonaws.com Amazon Simple Notification Service (SNS)
sqs.<REGION>.amazonaws.com Amazon Simple Queue Service (SQS)
storagegateway.<REGION>.amazonaws.com AWS Storage Gateway
swf.<REGION>.amazonaws.com Amazon SWF
transfer.<REGION>.amazonaws.com AWS Transfer Family
workmail.<REGION>.amazonaws.com Amazon WorkMail
workspaces.<REGION>.amazonaws.com Amazon WorkSpaces

Enable monitoring

To learn how to enable service monitoring, see Enable service monitoring.

View service metrics

You can view the service metrics in your Dynatrace environment either on the custom device overview page or on your Dashboards page.

View metrics on the custom device overview page

To access the custom device overview page

  1. Go to Technologies Technologies & Processes Classic.
  2. Filter by service name and select the relevant custom device group.
  3. Once you select the custom device group, you're on the custom device group overview page.
  4. The custom device group overview page lists all instances (custom devices) belonging to the group. Select an instance to view the custom device overview page.

View metrics on your dashboard

After you add the service to monitoring, a preset dashboard containing all recommended metrics is automatically listed on your Dashboards page. To look for specific dashboards, filter by Preset and then by Name.

AWS presets

For existing monitored services, you might need to resave your credentials for the preset dashboard to appear on the Dashboards page. To resave your credentials, go to Settings > Cloud and virtualization > AWS, select the desired AWS instance, and then select Save.

You can't make changes on a preset dashboard directly, but you can clone and edit it. To clone a dashboard, open the browse menu (…) and select Clone.

To remove a dashboard from the dashboards page, you can hide it. To hide a dashboard, open the browse menu (…) and select Hide.

Hiding a dashboard doesn't affect other users.

Clone hide AWS

To check the availability of preset dashboards for each AWS service, see the list below.

Preset dashboard availability list

AWS service Preset dashboard
Amazon EC2 Auto Scaling (built-in) Not applicable
AWS Lambda (built-in) Not applicable
Amazon Application and Network Load Balancer (built-in) Not applicable
Amazon DynamoDB (built-in) Not applicable
Amazon EBS (built-in) Not applicable
Amazon EC2 (built-in) Not applicable
Amazon Elastic Load Balancer (ELB) (built-in) Not applicable
Amazon RDS (built-in) Not applicable
Amazon S3 (built-in) Not applicable
AWS Certificate Manager Private Certificate Authority Not applicable
All monitored Amazon services Not applicable
Amazon API Gateway Not applicable
AWS App Runner Not applicable
Amazon AppStream Applicable
AWS AppSync Applicable
Amazon Athena Applicable
Amazon Aurora Not applicable
Amazon EC2 Auto Scaling Applicable
AWS Billing Applicable
Amazon Keyspaces Applicable
AWS Chatbot Applicable
Amazon CloudFront Not applicable
AWS CloudHSM Applicable
Amazon CloudSearch Applicable
AWS CodeBuild Applicable
Amazon Cognito Not applicable
Amazon Connect Applicable
AWS DataSync Applicable
Amazon DynamoDB Accelerator (DAX) Applicable
AWS Database Migration Service (AWS DMS) Applicable
Amazon DocumentDB Applicable
AWS Direct Connect Applicable
Amazon DynamoDB Not applicable
Amazon EBS Not applicable
Amazon EC2 Spot Fleet Not applicable
Amazon EC2 API Applicable
Amazon Elastic Container Service (ECS) Not applicable
Amazon ECS Container Insights Applicable
Amazon Elastic File System (EFS) Not applicable
Amazon Elastic Kubernetes Service (EKS) Applicable
Amazon ElastiCache (EC) Not applicable
AWS Elastic Beanstalk Applicable
Amazon Elastic Inference Applicable
Amazon Elastic Transcoder Applicable
Amazon Elastic Map Reduce (EMR) Not applicable
Amazon Elasticsearch Service (ES) Not applicable
Amazon EventBridge Applicable
Amazon FSx Applicable
Amazon GameLift Applicable
AWS Glue Not applicable
Amazon Inspector Applicable
AWS Internet of Things (IoT) Not applicable
AWS IoT Things Graph Applicable
AWS IoT Analytics Applicable
Amazon Managed Streaming for Kafka Applicable
Amazon Kinesis Data Analytics Not applicable
Amazon Data Firehose Not applicable
Amazon Kinesis Data Streams Not applicable
Amazon Kinesis Video Streams Not applicable
AWS Lambda Not applicable
Amazon Lex Applicable
Amazon CloudWatch Logs Applicable
AWS Elemental MediaTailor Applicable
AWS Elemental MediaConnect Applicable
AWS Elemental MediaConvert Applicable
AWS Elemental MediaPackage Live Applicable
AWS Elemental MediaPackage Video on Demand Applicable
Amazon MQ Applicable
Amazon VPC NAT Gateways Not applicable
Amazon Neptune Applicable
AWS OpsWorks Applicable
Amazon Polly Applicable
Amazon QLDB Applicable
Amazon RDS Not applicable
Amazon Redshift Not applicable
Amazon Rekognition Applicable
AWS RoboMaker Applicable
Amazon Route 53 Applicable
Amazon Route 53 Resolver Applicable
Amazon S3 Not applicable
Amazon SageMaker Batch Transform Jobs Not applicable
Amazon SageMaker Endpoints Not applicable
Amazon SageMaker Endpoint Instances Not applicable
Amazon SageMaker Ground Truth Not applicable
Amazon SageMaker Processing Jobs Not applicable
Amazon SageMaker Training Jobs Not applicable
AWS Service Catalog Applicable
Amazon Simple Email Service (SES) Not applicable
Amazon Simple Notification Service (SNS) Not applicable
Amazon Simple Queue Service (SQS) Not applicable
AWS Systems Manager - Run Command Applicable
AWS Step Functions Applicable
AWS Storage Gateway Applicable
Amazon SWF Applicable
Amazon Textract Applicable
AWS Transfer Family Applicable
AWS Transit Gateway Applicable
Amazon Translate Applicable
AWS Trusted Advisor Applicable
AWS API Usage Applicable
AWS Site-to-Site VPN Applicable
AWS WAF Classic Applicable
AWS WAF Applicable
Amazon WorkMail Applicable
Amazon WorkSpaces Applicable

Cloudhsm

Available metrics

ClusterId is the main dimension.

Name Description Unit Statistics Dimensions Recommended
HsmUnhealthy The HSM instance is not performing properly None Multi ClusterId, HsmId Applicable
HsmUnhealthy None Multi ClusterId Applicable
HsmUnhealthy None Multi Region Applicable
HsmTemperature Junction temperature of the hardware processor None Multi ClusterId, HsmId Applicable
HsmTemperature None Multi ClusterId Applicable
HsmTemperature None Multi Region
HsmKeysSessionOccupied Number of session keys being used by the HSM instance Count Multi ClusterId, HsmId Applicable
HsmKeysSessionOccupied Count Multi ClusterId Applicable
HsmKeysSessionOccupied Count Multi Region Applicable
HsmKeysTokenOccupied Number of token keys being used by the HSM instance and the cluster Count Multi ClusterId, HsmId Applicable
HsmKeysTokenOccupied Count Multi ClusterId Applicable
HsmKeysTokenOccupied Count Multi Region Applicable
HsmSslCtxsOccupied Number of end-to-end encrypted channels currently established for the HSM instance Count Multi ClusterId, HsmId Applicable
HsmSslCtxsOccupied Count Multi ClusterId Applicable
HsmSslCtxsOccupied Count Multi Region
HsmSessionCount Number of open connections to the HSM instance Count Multi ClusterId, HsmId Applicable
HsmSessionCount Count Multi ClusterId Applicable
HsmSessionCount Count Multi Region
HsmUsersAvailable Number of additional users that can be created Count Multi ClusterId, HsmId Applicable
HsmUsersAvailable Count Multi ClusterId Applicable
HsmUsersAvailable Count Multi Region
HsmUsersMax Maximum number of users that can be created on the HSM instance Count Maximum ClusterId, HsmId Applicable
HsmUsersMax Count Maximum ClusterId Applicable
HsmUsersMax Count Maximum Region
InterfaceEth2DroppedInput Number of dropped packets on input Count Average ClusterId, HsmId
InterfaceEth2DroppedInput Count Average ClusterId
InterfaceEth2DroppedInput Count Average Region
InterfaceEth2ErrorsInput Number of error packets on input Count Average ClusterId, HsmId
InterfaceEth2ErrorsInput Count Average ClusterId
InterfaceEth2ErrorsInput Count Average Region
InterfaceEth2OctetsInput Cumulative sum of traffic to the HSM to date Count Average ClusterId, HsmId
InterfaceEth2OctetsInput Count Average ClusterId
InterfaceEth2OctetsInput Count Average Region
InterfaceEth2PacketsInput Total number of packets on input Count Average ClusterId, HsmId
InterfaceEth2PacketsInput Count Average ClusterId
InterfaceEth2PacketsInput Count Average Region
InterfaceEth2DroppedOutput Number of dropped packets on output Count Average ClusterId, HsmId
InterfaceEth2DroppedOutput Count Average ClusterId
InterfaceEth2DroppedOutput Count Average Region
InterfaceEth2ErrorsOutput Number of error packets on output Count Average ClusterId, HsmId
InterfaceEth2ErrorsOutput Count Average ClusterId
InterfaceEth2ErrorsOutput Count Average Region
InterfaceEth2OctetsOutput Cumulative sum of traffic from the HSM to date Count Average ClusterId, HsmId
InterfaceEth2OctetsOutput Count Average ClusterId
InterfaceEth2OctetsOutput Count Average Region
InterfaceEth2PacketsOutput Total number of packets on output Count Average ClusterId, HsmId
InterfaceEth2PacketsOutput Count Average ClusterId
InterfaceEth2PacketsOutput Count Average Region

Limitations

CloudHSM Classic isn't supported.


Source: aws-service-cloudwatch-logs.md


title: Amazon CloudWatch Logs monitoring source: https://www.dynatrace.com/docs/ingest-from/amazon-web-services/integrate-with-aws/aws-all-services/aws-service-cloudwatch-logs scraped: 2026-02-16T09:38:55.518429


Amazon CloudWatch Logs monitoring

Amazon CloudWatch Logs monitoring

  • How-to guide
  • 2-min read
  • Published Sep 08, 2020

Dynatrace ingests metrics for multiple preselected namespaces, including Amazon CloudWatch Logs. You can view metrics for each service instance, split metrics into multiple dimensions, and create custom charts that you can pin to your dashboards.

Prerequisites

To enable monitoring for this service, you need

  • ActiveGate version 1.197+

  • For Dynatrace SaaS deployments, you need an Environment ActiveGate or a Multi-environment ActiveGate.

For role-based access in a SaaS deployment, you need an Environment ActiveGate installed on an Amazon EC2 host.

To update the AWS IAM policy, use the JSON below, containing the monitoring policy (permissions) for all supporting services.

JSON predefined policy for all supporting services

{



"Version": "2012-10-17",



"Statement": [



{



"Sid": "VisualEditor0",



"Effect": "Allow",



"Action": [



"acm-pca:ListCertificateAuthorities",



"apigateway:GET",



"apprunner:ListServices",



"appstream:DescribeFleets",



"appsync:ListGraphqlApis",



"athena:ListWorkGroups",



"autoscaling:DescribeAutoScalingGroups",



"cloudformation:ListStackResources",



"cloudfront:ListDistributions",



"cloudhsm:DescribeClusters",



"cloudsearch:DescribeDomains",



"cloudwatch:GetMetricData",



"cloudwatch:GetMetricStatistics",



"cloudwatch:ListMetrics",



"codebuild:ListProjects",



"datasync:ListTasks",



"dax:DescribeClusters",



"directconnect:DescribeConnections",



"dms:DescribeReplicationInstances",



"dynamodb:ListTables",



"dynamodb:ListTagsOfResource",



"ec2:DescribeAvailabilityZones",



"ec2:DescribeInstances",



"ec2:DescribeNatGateways",



"ec2:DescribeSpotFleetRequests",



"ec2:DescribeTransitGateways",



"ec2:DescribeVolumes",



"ec2:DescribeVpnConnections",



"ecs:ListClusters",



"eks:ListClusters",



"elasticache:DescribeCacheClusters",



"elasticbeanstalk:DescribeEnvironmentResources",



"elasticbeanstalk:DescribeEnvironments",



"elasticfilesystem:DescribeFileSystems",



"elasticloadbalancing:DescribeInstanceHealth",



"elasticloadbalancing:DescribeListeners",



"elasticloadbalancing:DescribeLoadBalancers",



"elasticloadbalancing:DescribeRules",



"elasticloadbalancing:DescribeTags",



"elasticloadbalancing:DescribeTargetHealth",



"elasticmapreduce:ListClusters",



"elastictranscoder:ListPipelines",



"es:ListDomainNames",



"events:ListEventBuses",



"firehose:ListDeliveryStreams",



"fsx:DescribeFileSystems",



"gamelift:ListFleets",



"glue:GetJobs",



"inspector:ListAssessmentTemplates",



"kafka:ListClusters",



"kinesis:ListStreams",



"kinesisanalytics:ListApplications",



"kinesisvideo:ListStreams",



"lambda:ListFunctions",



"lambda:ListTags",



"lex:GetBots",



"logs:DescribeLogGroups",



"mediaconnect:ListFlows",



"mediaconvert:DescribeEndpoints",



"mediapackage-vod:ListPackagingConfigurations",



"mediapackage:ListChannels",



"mediatailor:ListPlaybackConfigurations",



"opsworks:DescribeStacks",



"qldb:ListLedgers",



"rds:DescribeDBClusters",



"rds:DescribeDBInstances",



"rds:DescribeEvents",



"rds:ListTagsForResource",



"redshift:DescribeClusters",



"robomaker:ListSimulationJobs",



"route53:ListHostedZones",



"route53resolver:ListResolverEndpoints",



"s3:ListAllMyBuckets",



"sagemaker:ListEndpoints",



"sns:ListTopics",



"sqs:ListQueues",



"storagegateway:ListGateways",



"sts:GetCallerIdentity",



"swf:ListDomains",



"tag:GetResources",



"tag:GetTagKeys",



"transfer:ListServers",



"workmail:ListOrganizations",



"workspaces:DescribeWorkspaces"



],



"Resource": "*"



}



]



}

If you don't want to add permissions to all services, and just select permissions for certain services, consult the table below. The table contains a set of permissions that are required for All AWS cloud services and, for each supporting service, a list of optional permissions specific to that service.

Permissions required for AWS monitoring integration:

  • "cloudwatch:GetMetricData"
  • "cloudwatch:GetMetricStatistics"
  • "cloudwatch:ListMetrics"
  • "sts:GetCallerIdentity"
  • "tag:GetResources"
  • "tag:GetTagKeys"
  • "ec2:DescribeAvailabilityZones"

Complete list of permissions for cloud services

Name Permissions
All monitored Amazon services Required cloudwatch:GetMetricData, cloudwatch:GetMetricStatistics, cloudwatch:ListMetrics, sts:GetCallerIdentity, tag:GetResources, tag:GetTagKeys, ec2:DescribeAvailabilityZones
AWS Certificate Manager Private Certificate Authority acm-pca:ListCertificateAuthorities
Amazon MQ
Amazon API Gateway apigateway:GET
AWS App Runner apprunner:ListServices
Amazon AppStream appstream:DescribeFleets
AWS AppSync appsync:ListGraphqlApis
Amazon Athena athena:ListWorkGroups
Amazon Aurora rds:DescribeDBClusters
Amazon EC2 Auto Scaling autoscaling:DescribeAutoScalingGroups
Amazon EC2 Auto Scaling (built-in) autoscaling:DescribeAutoScalingGroups
AWS Billing
Amazon Keyspaces
AWS Chatbot
Amazon CloudFront cloudfront:ListDistributions
AWS CloudHSM cloudhsm:DescribeClusters
Amazon CloudSearch cloudsearch:DescribeDomains
AWS CodeBuild codebuild:ListProjects
Amazon Cognito
Amazon Connect
Amazon Elastic Kubernetes Service (EKS) eks:ListClusters
AWS DataSync datasync:ListTasks
Amazon DynamoDB Accelerator (DAX) dax:DescribeClusters
AWS Database Migration Service (AWS DMS) dms:DescribeReplicationInstances
Amazon DocumentDB rds:DescribeDBClusters
AWS Direct Connect directconnect:DescribeConnections
Amazon DynamoDB dynamodb:ListTables
Amazon DynamoDB (built-in) dynamodb:ListTables, dynamodb:ListTagsOfResource
Amazon EBS ec2:DescribeVolumes
Amazon EBS (built-in) ec2:DescribeVolumes
Amazon EC2 API
Amazon EC2 (built-in) ec2:DescribeInstances
Amazon EC2 Spot Fleet ec2:DescribeSpotFleetRequests
Amazon Elastic Container Service (ECS) ecs:ListClusters
Amazon ECS Container Insights ecs:ListClusters
Amazon ElastiCache (EC) elasticache:DescribeCacheClusters
AWS Elastic Beanstalk elasticbeanstalk:DescribeEnvironments
Amazon Elastic File System (EFS) elasticfilesystem:DescribeFileSystems
Amazon Elastic Inference
Amazon Elastic Map Reduce (EMR) elasticmapreduce:ListClusters
Amazon Elasticsearch Service (ES) es:ListDomainNames
Amazon Elastic Transcoder elastictranscoder:ListPipelines
Amazon Elastic Load Balancer (ELB) (built-in) elasticloadbalancing:DescribeInstanceHealth, elasticloadbalancing:DescribeListeners, elasticloadbalancing:DescribeLoadBalancers, elasticloadbalancing:DescribeRules, elasticloadbalancing:DescribeTags, elasticloadbalancing:DescribeTargetHealth
Amazon EventBridge events:ListEventBuses
Amazon FSx fsx:DescribeFileSystems
Amazon GameLift gamelift:ListFleets
AWS Glue glue:GetJobs
Amazon Inspector inspector:ListAssessmentTemplates
AWS Internet of Things (IoT)
AWS IoT Analytics
Amazon Managed Streaming for Kafka kafka:ListClusters
Amazon Kinesis Data Analytics kinesisanalytics:ListApplications
Amazon Data Firehose firehose:ListDeliveryStreams
Amazon Kinesis Data Streams kinesis:ListStreams
Amazon Kinesis Video Streams kinesisvideo:ListStreams
AWS Lambda lambda:ListFunctions
AWS Lambda (built-in) lambda:ListFunctions, lambda:ListTags
Amazon Lex lex:GetBots
Amazon Application and Network Load Balancer (built-in) elasticloadbalancing:DescribeInstanceHealth, elasticloadbalancing:DescribeListeners, elasticloadbalancing:DescribeLoadBalancers, elasticloadbalancing:DescribeRules, elasticloadbalancing:DescribeTags, elasticloadbalancing:DescribeTargetHealth
Amazon CloudWatch Logs logs:DescribeLogGroups
AWS Elemental MediaConnect mediaconnect:ListFlows
AWS Elemental MediaConvert mediaconvert:DescribeEndpoints
AWS Elemental MediaPackage Live mediapackage:ListChannels
AWS Elemental MediaPackage Video on Demand mediapackage-vod:ListPackagingConfigurations
AWS Elemental MediaTailor mediatailor:ListPlaybackConfigurations
Amazon VPC NAT Gateways ec2:DescribeNatGateways
Amazon Neptune rds:DescribeDBClusters
AWS OpsWorks opsworks:DescribeStacks
Amazon Polly
Amazon QLDB qldb:ListLedgers
Amazon RDS rds:DescribeDBInstances
Amazon RDS (built-in) rds:DescribeDBInstances, rds:DescribeEvents, rds:ListTagsForResource
Amazon Redshift redshift:DescribeClusters
Amazon Rekognition
AWS RoboMaker robomaker:ListSimulationJobs
Amazon Route 53 route53:ListHostedZones
Amazon Route 53 Resolver route53resolver:ListResolverEndpoints
Amazon S3 s3:ListAllMyBuckets
Amazon S3 (built-in) s3:ListAllMyBuckets
Amazon SageMaker Batch Transform Jobs
Amazon SageMaker Endpoint Instances sagemaker:ListEndpoints
Amazon SageMaker Endpoints sagemaker:ListEndpoints
Amazon SageMaker Ground Truth
Amazon SageMaker Processing Jobs
Amazon SageMaker Training Jobs
AWS Service Catalog
Amazon Simple Email Service (SES)
Amazon Simple Notification Service (SNS) sns:ListTopics
Amazon Simple Queue Service (SQS) sqs:ListQueues
AWS Systems Manager - Run Command
AWS Step Functions
AWS Storage Gateway storagegateway:ListGateways
Amazon SWF swf:ListDomains
Amazon Textract
AWS IoT Things Graph
AWS Transfer Family transfer:ListServers
AWS Transit Gateway ec2:DescribeTransitGateways
Amazon Translate
AWS Trusted Advisor
AWS API Usage
AWS Site-to-Site VPN ec2:DescribeVpnConnections
AWS WAF Classic
AWS WAF
Amazon WorkMail workmail:ListOrganizations
Amazon WorkSpaces workspaces:DescribeWorkspaces

Example of JSON policy for one single service.

JSON policy for Amazon API Gateway

{



"Version": "2012-10-17",



"Statement": [



{



"Sid": "VisualEditor0",



"Effect": "Allow",



"Action": [



"apigateway:GET",



"cloudwatch:GetMetricData",



"cloudwatch:GetMetricStatistics",



"cloudwatch:ListMetrics",



"sts:GetCallerIdentity",



"tag:GetResources",



"tag:GetTagKeys",



"ec2:DescribeAvailabilityZones"



],



"Resource": "*"



}



]



}

In this example, from the complete list of permissions you need to select

  • "apigateway:GET" for Amazon API Gateway
  • "cloudwatch:GetMetricData", "cloudwatch:GetMetricStatistics", "cloudwatch:ListMetrics", "sts:GetCallerIdentity", "tag:GetResources", "tag:GetTagKeys", and "ec2:DescribeAvailabilityZones" for All AWS cloud services.

AWS endpoints that need to be reachable from ActiveGate with corresponding AWS services

Endpoint Service
autoscaling.<REGION>.amazonaws.com Amazon EC2 Auto Scaling (built-in), Amazon EC2 Auto Scaling
lambda.<REGION>.amazonaws.com AWS Lambda (built-in), AWS Lambda
elasticloadbalancing.<REGION>.amazonaws.com Amazon Application and Network Load Balancer (built-in), Amazon Elastic Load Balancer (ELB) (built-in)
dynamodb.<REGION>.amazonaws.com Amazon DynamoDB (built-in), Amazon DynamoDB
ec2.<REGION>.amazonaws.com Amazon EBS (built-in), Amazon EC2 (built-in), Amazon EBS, Amazon EC2 Spot Fleet, Amazon VPC NAT Gateways, AWS Transit Gateway, AWS Site-to-Site VPN
rds.<REGION>.amazonaws.com Amazon RDS (built-in), Amazon Aurora, Amazon DocumentDB, Amazon Neptune, Amazon RDS
s3.<REGION>.amazonaws.com Amazon S3 (built-in)
acm-pca.<REGION>.amazonaws.com AWS Certificate Manager Private Certificate Authority
apigateway.<REGION>.amazonaws.com Amazon API Gateway
apprunner.<REGION>.amazonaws.com AWS App Runner
appstream2.<REGION>.amazonaws.com Amazon AppStream
appsync.<REGION>.amazonaws.com AWS AppSync
athena.<REGION>.amazonaws.com Amazon Athena
cloudfront.amazonaws.com Amazon CloudFront
cloudhsmv2.<REGION>.amazonaws.com AWS CloudHSM
cloudsearch.<REGION>.amazonaws.com Amazon CloudSearch
codebuild.<REGION>.amazonaws.com AWS CodeBuild
datasync.<REGION>.amazonaws.com AWS DataSync
dax.<REGION>.amazonaws.com Amazon DynamoDB Accelerator (DAX)
dms.<REGION>.amazonaws.com AWS Database Migration Service (AWS DMS)
directconnect.<REGION>.amazonaws.com AWS Direct Connect
ecs.<REGION>.amazonaws.com Amazon Elastic Container Service (ECS), Amazon ECS Container Insights
elasticfilesystem.<REGION>.amazonaws.com Amazon Elastic File System (EFS)
eks.<REGION>.amazonaws.com Amazon Elastic Kubernetes Service (EKS)
elasticache.<REGION>.amazonaws.com Amazon ElastiCache (EC)
elasticbeanstalk.<REGION>.amazonaws.com AWS Elastic Beanstalk
elastictranscoder.<REGION>.amazonaws.com Amazon Elastic Transcoder
es.<REGION>.amazonaws.com Amazon Elasticsearch Service (ES)
events.<REGION>.amazonaws.com Amazon EventBridge
fsx.<REGION>.amazonaws.com Amazon FSx
gamelift.<REGION>.amazonaws.com Amazon GameLift
glue.<REGION>.amazonaws.com AWS Glue
inspector.<REGION>.amazonaws.com Amazon Inspector
kafka.<REGION>.amazonaws.com Amazon Managed Streaming for Kafka
models.lex.<REGION>.amazonaws.com Amazon Lex
logs.<REGION>.amazonaws.com Amazon CloudWatch Logs
api.mediatailor.<REGION>.amazonaws.com AWS Elemental MediaTailor
mediaconnect.<REGION>.amazonaws.com AWS Elemental MediaConnect
mediapackage.<REGION>.amazonaws.com AWS Elemental MediaPackage Live
mediapackage-vod.<REGION>.amazonaws.com AWS Elemental MediaPackage Video on Demand
opsworks.<REGION>.amazonaws.com AWS OpsWorks
qldb.<REGION>.amazonaws.com Amazon QLDB
redshift.<REGION>.amazonaws.com Amazon Redshift
robomaker.<REGION>.amazonaws.com AWS RoboMaker
route53.amazonaws.com Amazon Route 53
route53resolver.<REGION>.amazonaws.com Amazon Route 53 Resolver
api.sagemaker.<REGION>.amazonaws.com Amazon SageMaker Endpoints, Amazon SageMaker Endpoint Instances
sns.<REGION>.amazonaws.com Amazon Simple Notification Service (SNS)
sqs.<REGION>.amazonaws.com Amazon Simple Queue Service (SQS)
storagegateway.<REGION>.amazonaws.com AWS Storage Gateway
swf.<REGION>.amazonaws.com Amazon SWF
transfer.<REGION>.amazonaws.com AWS Transfer Family
workmail.<REGION>.amazonaws.com Amazon WorkMail
workspaces.<REGION>.amazonaws.com Amazon WorkSpaces

Enable monitoring

To learn how to enable service monitoring, see Enable service monitoring.

View service metrics

You can view the service metrics in your Dynatrace environment either on the custom device overview page or on your Dashboards page.

View metrics on the custom device overview page

To access the custom device overview page

  1. Go to Technologies Technologies & Processes Classic.
  2. Filter by service name and select the relevant custom device group.
  3. Once you select the custom device group, you're on the custom device group overview page.
  4. The custom device group overview page lists all instances (custom devices) belonging to the group. Select an instance to view the custom device overview page.

View metrics on your dashboard

After you add the service to monitoring, a preset dashboard containing all recommended metrics is automatically listed on your Dashboards page. To look for specific dashboards, filter by Preset and then by Name.

AWS presets

For existing monitored services, you might need to resave your credentials for the preset dashboard to appear on the Dashboards page. To resave your credentials, go to Settings > Cloud and virtualization > AWS, select the desired AWS instance, and then select Save.

You can't make changes on a preset dashboard directly, but you can clone and edit it. To clone a dashboard, open the browse menu (…) and select Clone.

To remove a dashboard from the dashboards page, you can hide it. To hide a dashboard, open the browse menu (…) and select Hide.

Hiding a dashboard doesn't affect other users.

Clone hide AWS

To check the availability of preset dashboards for each AWS service, see the list below.

Preset dashboard availability list

AWS service Preset dashboard
Amazon EC2 Auto Scaling (built-in) Not applicable
AWS Lambda (built-in) Not applicable
Amazon Application and Network Load Balancer (built-in) Not applicable
Amazon DynamoDB (built-in) Not applicable
Amazon EBS (built-in) Not applicable
Amazon EC2 (built-in) Not applicable
Amazon Elastic Load Balancer (ELB) (built-in) Not applicable
Amazon RDS (built-in) Not applicable
Amazon S3 (built-in) Not applicable
AWS Certificate Manager Private Certificate Authority Not applicable
All monitored Amazon services Not applicable
Amazon API Gateway Not applicable
AWS App Runner Not applicable
Amazon AppStream Applicable
AWS AppSync Applicable
Amazon Athena Applicable
Amazon Aurora Not applicable
Amazon EC2 Auto Scaling Applicable
AWS Billing Applicable
Amazon Keyspaces Applicable
AWS Chatbot Applicable
Amazon CloudFront Not applicable
AWS CloudHSM Applicable
Amazon CloudSearch Applicable
AWS CodeBuild Applicable
Amazon Cognito Not applicable
Amazon Connect Applicable
AWS DataSync Applicable
Amazon DynamoDB Accelerator (DAX) Applicable
AWS Database Migration Service (AWS DMS) Applicable
Amazon DocumentDB Applicable
AWS Direct Connect Applicable
Amazon DynamoDB Not applicable
Amazon EBS Not applicable
Amazon EC2 Spot Fleet Not applicable
Amazon EC2 API Applicable
Amazon Elastic Container Service (ECS) Not applicable
Amazon ECS Container Insights Applicable
Amazon Elastic File System (EFS) Not applicable
Amazon Elastic Kubernetes Service (EKS) Applicable
Amazon ElastiCache (EC) Not applicable
AWS Elastic Beanstalk Applicable
Amazon Elastic Inference Applicable
Amazon Elastic Transcoder Applicable
Amazon Elastic Map Reduce (EMR) Not applicable
Amazon Elasticsearch Service (ES) Not applicable
Amazon EventBridge Applicable
Amazon FSx Applicable
Amazon GameLift Applicable
AWS Glue Not applicable
Amazon Inspector Applicable
AWS Internet of Things (IoT) Not applicable
AWS IoT Things Graph Applicable
AWS IoT Analytics Applicable
Amazon Managed Streaming for Kafka Applicable
Amazon Kinesis Data Analytics Not applicable
Amazon Data Firehose Not applicable
Amazon Kinesis Data Streams Not applicable
Amazon Kinesis Video Streams Not applicable
AWS Lambda Not applicable
Amazon Lex Applicable
Amazon CloudWatch Logs Applicable
AWS Elemental MediaTailor Applicable
AWS Elemental MediaConnect Applicable
AWS Elemental MediaConvert Applicable
AWS Elemental MediaPackage Live Applicable
AWS Elemental MediaPackage Video on Demand Applicable
Amazon MQ Applicable
Amazon VPC NAT Gateways Not applicable
Amazon Neptune Applicable
AWS OpsWorks Applicable
Amazon Polly Applicable
Amazon QLDB Applicable
Amazon RDS Not applicable
Amazon Redshift Not applicable
Amazon Rekognition Applicable
AWS RoboMaker Applicable
Amazon Route 53 Applicable
Amazon Route 53 Resolver Applicable
Amazon S3 Not applicable
Amazon SageMaker Batch Transform Jobs Not applicable
Amazon SageMaker Endpoints Not applicable
Amazon SageMaker Endpoint Instances Not applicable
Amazon SageMaker Ground Truth Not applicable
Amazon SageMaker Processing Jobs Not applicable
Amazon SageMaker Training Jobs Not applicable
AWS Service Catalog Applicable
Amazon Simple Email Service (SES) Not applicable
Amazon Simple Notification Service (SNS) Not applicable
Amazon Simple Queue Service (SQS) Not applicable
AWS Systems Manager - Run Command Applicable
AWS Step Functions Applicable
AWS Storage Gateway Applicable
Amazon SWF Applicable
Amazon Textract Applicable
AWS Transfer Family Applicable
AWS Transit Gateway Applicable
Amazon Translate Applicable
AWS Trusted Advisor Applicable
AWS API Usage Applicable
AWS Site-to-Site VPN Applicable
AWS WAF Classic Applicable
AWS WAF Applicable
Amazon WorkMail Applicable
Amazon WorkSpaces Applicable

CloudWatch Logs

Available metrics

LogGroupName is the main dimension.

Name Description Unit Statistics Dimensions Recommended
DeliveryErrors The number of log events for which CloudWatch Logs received an error when forwarding data to the subscription destination Count Sum LogGroupName, DestinationType, FilterName Applicable
DeliveryThrottling The number of log events for which CloudWatch Logs was throttled when forwarding data to the subscription destination Count Sum LogGroupName, DestinationType, FilterName Applicable
ForwardedBytes The volume of log events in compressed bytes forwarded to the subscription destination Bytes Sum LogGroupName, DestinationType, FilterName Applicable
ForwardedLogEvents The number of log events forwarded to the subscription destination Count Sum LogGroupName, DestinationType, FilterName Applicable
IncomingBytes The volume of log events in uncompressed bytes uploaded to CloudWatch Logs. When used with the LogGroupName dimension, this is the volume of log events in uncompressed bytes uploaded to the log group. Bytes Sum LogGroupName Applicable
IncomingBytes Bytes Sum Region Applicable
IncomingLogEvents The number of log events uploaded to CloudWatch Logs. When used with the LogGroupName dimension, this is the number of log events uploaded to the log group. Count Sum LogGroupName Applicable
IncomingLogEvents Count Sum Region Applicable

Source: aws-service-codebuild.md


title: AWS CodeBuild monitoring source: https://www.dynatrace.com/docs/ingest-from/amazon-web-services/integrate-with-aws/aws-all-services/aws-service-codebuild scraped: 2026-02-15T21:25:09.143272


AWS CodeBuild monitoring

AWS CodeBuild monitoring

  • How-to guide
  • 4-min read
  • Published Sep 08, 2020

Dynatrace ingests metrics for multiple preselected namespaces, including AWS CodeBuild. You can view metrics for each service instance, split metrics into multiple dimensions, and create custom charts that you can pin to your dashboards.

Prerequisites

To enable monitoring for this service, you need

  • ActiveGate version 1.197+

  • For Dynatrace SaaS deployments, you need an Environment ActiveGate or a Multi-environment ActiveGate.

For role-based access in a SaaS deployment, you need an Environment ActiveGate installed on an Amazon EC2 host.

To update the AWS IAM policy, use the JSON below, containing the monitoring policy (permissions) for all supporting services.

JSON predefined policy for all supporting services

{



"Version": "2012-10-17",



"Statement": [



{



"Sid": "VisualEditor0",



"Effect": "Allow",



"Action": [



"acm-pca:ListCertificateAuthorities",



"apigateway:GET",



"apprunner:ListServices",



"appstream:DescribeFleets",



"appsync:ListGraphqlApis",



"athena:ListWorkGroups",



"autoscaling:DescribeAutoScalingGroups",



"cloudformation:ListStackResources",



"cloudfront:ListDistributions",



"cloudhsm:DescribeClusters",



"cloudsearch:DescribeDomains",



"cloudwatch:GetMetricData",



"cloudwatch:GetMetricStatistics",



"cloudwatch:ListMetrics",



"codebuild:ListProjects",



"datasync:ListTasks",



"dax:DescribeClusters",



"directconnect:DescribeConnections",



"dms:DescribeReplicationInstances",



"dynamodb:ListTables",



"dynamodb:ListTagsOfResource",



"ec2:DescribeAvailabilityZones",



"ec2:DescribeInstances",



"ec2:DescribeNatGateways",



"ec2:DescribeSpotFleetRequests",



"ec2:DescribeTransitGateways",



"ec2:DescribeVolumes",



"ec2:DescribeVpnConnections",



"ecs:ListClusters",



"eks:ListClusters",



"elasticache:DescribeCacheClusters",



"elasticbeanstalk:DescribeEnvironmentResources",



"elasticbeanstalk:DescribeEnvironments",



"elasticfilesystem:DescribeFileSystems",



"elasticloadbalancing:DescribeInstanceHealth",



"elasticloadbalancing:DescribeListeners",



"elasticloadbalancing:DescribeLoadBalancers",



"elasticloadbalancing:DescribeRules",



"elasticloadbalancing:DescribeTags",



"elasticloadbalancing:DescribeTargetHealth",



"elasticmapreduce:ListClusters",



"elastictranscoder:ListPipelines",



"es:ListDomainNames",



"events:ListEventBuses",



"firehose:ListDeliveryStreams",



"fsx:DescribeFileSystems",



"gamelift:ListFleets",



"glue:GetJobs",



"inspector:ListAssessmentTemplates",



"kafka:ListClusters",



"kinesis:ListStreams",



"kinesisanalytics:ListApplications",



"kinesisvideo:ListStreams",



"lambda:ListFunctions",



"lambda:ListTags",



"lex:GetBots",



"logs:DescribeLogGroups",



"mediaconnect:ListFlows",



"mediaconvert:DescribeEndpoints",



"mediapackage-vod:ListPackagingConfigurations",



"mediapackage:ListChannels",



"mediatailor:ListPlaybackConfigurations",



"opsworks:DescribeStacks",



"qldb:ListLedgers",



"rds:DescribeDBClusters",



"rds:DescribeDBInstances",



"rds:DescribeEvents",



"rds:ListTagsForResource",



"redshift:DescribeClusters",



"robomaker:ListSimulationJobs",



"route53:ListHostedZones",



"route53resolver:ListResolverEndpoints",



"s3:ListAllMyBuckets",



"sagemaker:ListEndpoints",



"sns:ListTopics",



"sqs:ListQueues",



"storagegateway:ListGateways",



"sts:GetCallerIdentity",



"swf:ListDomains",



"tag:GetResources",



"tag:GetTagKeys",



"transfer:ListServers",



"workmail:ListOrganizations",



"workspaces:DescribeWorkspaces"



],



"Resource": "*"



}



]



}

If you don't want to add permissions to all services, and just select permissions for certain services, consult the table below. The table contains a set of permissions that are required for All AWS cloud services and, for each supporting service, a list of optional permissions specific to that service.

Permissions required for AWS monitoring integration:

  • "cloudwatch:GetMetricData"
  • "cloudwatch:GetMetricStatistics"
  • "cloudwatch:ListMetrics"
  • "sts:GetCallerIdentity"
  • "tag:GetResources"
  • "tag:GetTagKeys"
  • "ec2:DescribeAvailabilityZones"

Complete list of permissions for cloud services

Name Permissions
All monitored Amazon services Required cloudwatch:GetMetricData, cloudwatch:GetMetricStatistics, cloudwatch:ListMetrics, sts:GetCallerIdentity, tag:GetResources, tag:GetTagKeys, ec2:DescribeAvailabilityZones
AWS Certificate Manager Private Certificate Authority acm-pca:ListCertificateAuthorities
Amazon MQ
Amazon API Gateway apigateway:GET
AWS App Runner apprunner:ListServices
Amazon AppStream appstream:DescribeFleets
AWS AppSync appsync:ListGraphqlApis
Amazon Athena athena:ListWorkGroups
Amazon Aurora rds:DescribeDBClusters
Amazon EC2 Auto Scaling autoscaling:DescribeAutoScalingGroups
Amazon EC2 Auto Scaling (built-in) autoscaling:DescribeAutoScalingGroups
AWS Billing
Amazon Keyspaces
AWS Chatbot
Amazon CloudFront cloudfront:ListDistributions
AWS CloudHSM cloudhsm:DescribeClusters
Amazon CloudSearch cloudsearch:DescribeDomains
AWS CodeBuild codebuild:ListProjects
Amazon Cognito
Amazon Connect
Amazon Elastic Kubernetes Service (EKS) eks:ListClusters
AWS DataSync datasync:ListTasks
Amazon DynamoDB Accelerator (DAX) dax:DescribeClusters
AWS Database Migration Service (AWS DMS) dms:DescribeReplicationInstances
Amazon DocumentDB rds:DescribeDBClusters
AWS Direct Connect directconnect:DescribeConnections
Amazon DynamoDB dynamodb:ListTables
Amazon DynamoDB (built-in) dynamodb:ListTables, dynamodb:ListTagsOfResource
Amazon EBS ec2:DescribeVolumes
Amazon EBS (built-in) ec2:DescribeVolumes
Amazon EC2 API
Amazon EC2 (built-in) ec2:DescribeInstances
Amazon EC2 Spot Fleet ec2:DescribeSpotFleetRequests
Amazon Elastic Container Service (ECS) ecs:ListClusters
Amazon ECS Container Insights ecs:ListClusters
Amazon ElastiCache (EC) elasticache:DescribeCacheClusters
AWS Elastic Beanstalk elasticbeanstalk:DescribeEnvironments
Amazon Elastic File System (EFS) elasticfilesystem:DescribeFileSystems
Amazon Elastic Inference
Amazon Elastic Map Reduce (EMR) elasticmapreduce:ListClusters
Amazon Elasticsearch Service (ES) es:ListDomainNames
Amazon Elastic Transcoder elastictranscoder:ListPipelines
Amazon Elastic Load Balancer (ELB) (built-in) elasticloadbalancing:DescribeInstanceHealth, elasticloadbalancing:DescribeListeners, elasticloadbalancing:DescribeLoadBalancers, elasticloadbalancing:DescribeRules, elasticloadbalancing:DescribeTags, elasticloadbalancing:DescribeTargetHealth
Amazon EventBridge events:ListEventBuses
Amazon FSx fsx:DescribeFileSystems
Amazon GameLift gamelift:ListFleets
AWS Glue glue:GetJobs
Amazon Inspector inspector:ListAssessmentTemplates
AWS Internet of Things (IoT)
AWS IoT Analytics
Amazon Managed Streaming for Kafka kafka:ListClusters
Amazon Kinesis Data Analytics kinesisanalytics:ListApplications
Amazon Data Firehose firehose:ListDeliveryStreams
Amazon Kinesis Data Streams kinesis:ListStreams
Amazon Kinesis Video Streams kinesisvideo:ListStreams
AWS Lambda lambda:ListFunctions
AWS Lambda (built-in) lambda:ListFunctions, lambda:ListTags
Amazon Lex lex:GetBots
Amazon Application and Network Load Balancer (built-in) elasticloadbalancing:DescribeInstanceHealth, elasticloadbalancing:DescribeListeners, elasticloadbalancing:DescribeLoadBalancers, elasticloadbalancing:DescribeRules, elasticloadbalancing:DescribeTags, elasticloadbalancing:DescribeTargetHealth
Amazon CloudWatch Logs logs:DescribeLogGroups
AWS Elemental MediaConnect mediaconnect:ListFlows
AWS Elemental MediaConvert mediaconvert:DescribeEndpoints
AWS Elemental MediaPackage Live mediapackage:ListChannels
AWS Elemental MediaPackage Video on Demand mediapackage-vod:ListPackagingConfigurations
AWS Elemental MediaTailor mediatailor:ListPlaybackConfigurations
Amazon VPC NAT Gateways ec2:DescribeNatGateways
Amazon Neptune rds:DescribeDBClusters
AWS OpsWorks opsworks:DescribeStacks
Amazon Polly
Amazon QLDB qldb:ListLedgers
Amazon RDS rds:DescribeDBInstances
Amazon RDS (built-in) rds:DescribeDBInstances, rds:DescribeEvents, rds:ListTagsForResource
Amazon Redshift redshift:DescribeClusters
Amazon Rekognition
AWS RoboMaker robomaker:ListSimulationJobs
Amazon Route 53 route53:ListHostedZones
Amazon Route 53 Resolver route53resolver:ListResolverEndpoints
Amazon S3 s3:ListAllMyBuckets
Amazon S3 (built-in) s3:ListAllMyBuckets
Amazon SageMaker Batch Transform Jobs
Amazon SageMaker Endpoint Instances sagemaker:ListEndpoints
Amazon SageMaker Endpoints sagemaker:ListEndpoints
Amazon SageMaker Ground Truth
Amazon SageMaker Processing Jobs
Amazon SageMaker Training Jobs
AWS Service Catalog
Amazon Simple Email Service (SES)
Amazon Simple Notification Service (SNS) sns:ListTopics
Amazon Simple Queue Service (SQS) sqs:ListQueues
AWS Systems Manager - Run Command
AWS Step Functions
AWS Storage Gateway storagegateway:ListGateways
Amazon SWF swf:ListDomains
Amazon Textract
AWS IoT Things Graph
AWS Transfer Family transfer:ListServers
AWS Transit Gateway ec2:DescribeTransitGateways
Amazon Translate
AWS Trusted Advisor
AWS API Usage
AWS Site-to-Site VPN ec2:DescribeVpnConnections
AWS WAF Classic
AWS WAF
Amazon WorkMail workmail:ListOrganizations
Amazon WorkSpaces workspaces:DescribeWorkspaces

Example of JSON policy for one single service.

JSON policy for Amazon API Gateway

{



"Version": "2012-10-17",



"Statement": [



{



"Sid": "VisualEditor0",



"Effect": "Allow",



"Action": [



"apigateway:GET",



"cloudwatch:GetMetricData",



"cloudwatch:GetMetricStatistics",



"cloudwatch:ListMetrics",



"sts:GetCallerIdentity",



"tag:GetResources",



"tag:GetTagKeys",



"ec2:DescribeAvailabilityZones"



],



"Resource": "*"



}



]



}

In this example, from the complete list of permissions you need to select

  • "apigateway:GET" for Amazon API Gateway
  • "cloudwatch:GetMetricData", "cloudwatch:GetMetricStatistics", "cloudwatch:ListMetrics", "sts:GetCallerIdentity", "tag:GetResources", "tag:GetTagKeys", and "ec2:DescribeAvailabilityZones" for All AWS cloud services.

AWS endpoints that need to be reachable from ActiveGate with corresponding AWS services

Endpoint Service
autoscaling.<REGION>.amazonaws.com Amazon EC2 Auto Scaling (built-in), Amazon EC2 Auto Scaling
lambda.<REGION>.amazonaws.com AWS Lambda (built-in), AWS Lambda
elasticloadbalancing.<REGION>.amazonaws.com Amazon Application and Network Load Balancer (built-in), Amazon Elastic Load Balancer (ELB) (built-in)
dynamodb.<REGION>.amazonaws.com Amazon DynamoDB (built-in), Amazon DynamoDB
ec2.<REGION>.amazonaws.com Amazon EBS (built-in), Amazon EC2 (built-in), Amazon EBS, Amazon EC2 Spot Fleet, Amazon VPC NAT Gateways, AWS Transit Gateway, AWS Site-to-Site VPN
rds.<REGION>.amazonaws.com Amazon RDS (built-in), Amazon Aurora, Amazon DocumentDB, Amazon Neptune, Amazon RDS
s3.<REGION>.amazonaws.com Amazon S3 (built-in)
acm-pca.<REGION>.amazonaws.com AWS Certificate Manager Private Certificate Authority
apigateway.<REGION>.amazonaws.com Amazon API Gateway
apprunner.<REGION>.amazonaws.com AWS App Runner
appstream2.<REGION>.amazonaws.com Amazon AppStream
appsync.<REGION>.amazonaws.com AWS AppSync
athena.<REGION>.amazonaws.com Amazon Athena
cloudfront.amazonaws.com Amazon CloudFront
cloudhsmv2.<REGION>.amazonaws.com AWS CloudHSM
cloudsearch.<REGION>.amazonaws.com Amazon CloudSearch
codebuild.<REGION>.amazonaws.com AWS CodeBuild
datasync.<REGION>.amazonaws.com AWS DataSync
dax.<REGION>.amazonaws.com Amazon DynamoDB Accelerator (DAX)
dms.<REGION>.amazonaws.com AWS Database Migration Service (AWS DMS)
directconnect.<REGION>.amazonaws.com AWS Direct Connect
ecs.<REGION>.amazonaws.com Amazon Elastic Container Service (ECS), Amazon ECS Container Insights
elasticfilesystem.<REGION>.amazonaws.com Amazon Elastic File System (EFS)
eks.<REGION>.amazonaws.com Amazon Elastic Kubernetes Service (EKS)
elasticache.<REGION>.amazonaws.com Amazon ElastiCache (EC)
elasticbeanstalk.<REGION>.amazonaws.com AWS Elastic Beanstalk
elastictranscoder.<REGION>.amazonaws.com Amazon Elastic Transcoder
es.<REGION>.amazonaws.com Amazon Elasticsearch Service (ES)
events.<REGION>.amazonaws.com Amazon EventBridge
fsx.<REGION>.amazonaws.com Amazon FSx
gamelift.<REGION>.amazonaws.com Amazon GameLift
glue.<REGION>.amazonaws.com AWS Glue
inspector.<REGION>.amazonaws.com Amazon Inspector
kafka.<REGION>.amazonaws.com Amazon Managed Streaming for Kafka
models.lex.<REGION>.amazonaws.com Amazon Lex
logs.<REGION>.amazonaws.com Amazon CloudWatch Logs
api.mediatailor.<REGION>.amazonaws.com AWS Elemental MediaTailor
mediaconnect.<REGION>.amazonaws.com AWS Elemental MediaConnect
mediapackage.<REGION>.amazonaws.com AWS Elemental MediaPackage Live
mediapackage-vod.<REGION>.amazonaws.com AWS Elemental MediaPackage Video on Demand
opsworks.<REGION>.amazonaws.com AWS OpsWorks
qldb.<REGION>.amazonaws.com Amazon QLDB
redshift.<REGION>.amazonaws.com Amazon Redshift
robomaker.<REGION>.amazonaws.com AWS RoboMaker
route53.amazonaws.com Amazon Route 53
route53resolver.<REGION>.amazonaws.com Amazon Route 53 Resolver
api.sagemaker.<REGION>.amazonaws.com Amazon SageMaker Endpoints, Amazon SageMaker Endpoint Instances
sns.<REGION>.amazonaws.com Amazon Simple Notification Service (SNS)
sqs.<REGION>.amazonaws.com Amazon Simple Queue Service (SQS)
storagegateway.<REGION>.amazonaws.com AWS Storage Gateway
swf.<REGION>.amazonaws.com Amazon SWF
transfer.<REGION>.amazonaws.com AWS Transfer Family
workmail.<REGION>.amazonaws.com Amazon WorkMail
workspaces.<REGION>.amazonaws.com Amazon WorkSpaces

Enable monitoring

To learn how to enable service monitoring, see Enable service monitoring.

View service metrics

You can view the service metrics in your Dynatrace environment either on the custom device overview page or on your Dashboards page.

View metrics on the custom device overview page

To access the custom device overview page

  1. Go to Technologies Technologies & Processes Classic.
  2. Filter by service name and select the relevant custom device group.
  3. Once you select the custom device group, you're on the custom device group overview page.
  4. The custom device group overview page lists all instances (custom devices) belonging to the group. Select an instance to view the custom device overview page.

View metrics on your dashboard

After you add the service to monitoring, a preset dashboard containing all recommended metrics is automatically listed on your Dashboards page. To look for specific dashboards, filter by Preset and then by Name.

AWS presets

For existing monitored services, you might need to resave your credentials for the preset dashboard to appear on the Dashboards page. To resave your credentials, go to Settings > Cloud and virtualization > AWS, select the desired AWS instance, and then select Save.

You can't make changes on a preset dashboard directly, but you can clone and edit it. To clone a dashboard, open the browse menu (…) and select Clone.

To remove a dashboard from the dashboards page, you can hide it. To hide a dashboard, open the browse menu (…) and select Hide.

Hiding a dashboard doesn't affect other users.

Clone hide AWS

To check the availability of preset dashboards for each AWS service, see the list below.

Preset dashboard availability list

AWS service Preset dashboard
Amazon EC2 Auto Scaling (built-in) Not applicable
AWS Lambda (built-in) Not applicable
Amazon Application and Network Load Balancer (built-in) Not applicable
Amazon DynamoDB (built-in) Not applicable
Amazon EBS (built-in) Not applicable
Amazon EC2 (built-in) Not applicable
Amazon Elastic Load Balancer (ELB) (built-in) Not applicable
Amazon RDS (built-in) Not applicable
Amazon S3 (built-in) Not applicable
AWS Certificate Manager Private Certificate Authority Not applicable
All monitored Amazon services Not applicable
Amazon API Gateway Not applicable
AWS App Runner Not applicable
Amazon AppStream Applicable
AWS AppSync Applicable
Amazon Athena Applicable
Amazon Aurora Not applicable
Amazon EC2 Auto Scaling Applicable
AWS Billing Applicable
Amazon Keyspaces Applicable
AWS Chatbot Applicable
Amazon CloudFront Not applicable
AWS CloudHSM Applicable
Amazon CloudSearch Applicable
AWS CodeBuild Applicable
Amazon Cognito Not applicable
Amazon Connect Applicable
AWS DataSync Applicable
Amazon DynamoDB Accelerator (DAX) Applicable
AWS Database Migration Service (AWS DMS) Applicable
Amazon DocumentDB Applicable
AWS Direct Connect Applicable
Amazon DynamoDB Not applicable
Amazon EBS Not applicable
Amazon EC2 Spot Fleet Not applicable
Amazon EC2 API Applicable
Amazon Elastic Container Service (ECS) Not applicable
Amazon ECS Container Insights Applicable
Amazon Elastic File System (EFS) Not applicable
Amazon Elastic Kubernetes Service (EKS) Applicable
Amazon ElastiCache (EC) Not applicable
AWS Elastic Beanstalk Applicable
Amazon Elastic Inference Applicable
Amazon Elastic Transcoder Applicable
Amazon Elastic Map Reduce (EMR) Not applicable
Amazon Elasticsearch Service (ES) Not applicable
Amazon EventBridge Applicable
Amazon FSx Applicable
Amazon GameLift Applicable
AWS Glue Not applicable
Amazon Inspector Applicable
AWS Internet of Things (IoT) Not applicable
AWS IoT Things Graph Applicable
AWS IoT Analytics Applicable
Amazon Managed Streaming for Kafka Applicable
Amazon Kinesis Data Analytics Not applicable
Amazon Data Firehose Not applicable
Amazon Kinesis Data Streams Not applicable
Amazon Kinesis Video Streams Not applicable
AWS Lambda Not applicable
Amazon Lex Applicable
Amazon CloudWatch Logs Applicable
AWS Elemental MediaTailor Applicable
AWS Elemental MediaConnect Applicable
AWS Elemental MediaConvert Applicable
AWS Elemental MediaPackage Live Applicable
AWS Elemental MediaPackage Video on Demand Applicable
Amazon MQ Applicable
Amazon VPC NAT Gateways Not applicable
Amazon Neptune Applicable
AWS OpsWorks Applicable
Amazon Polly Applicable
Amazon QLDB Applicable
Amazon RDS Not applicable
Amazon Redshift Not applicable
Amazon Rekognition Applicable
AWS RoboMaker Applicable
Amazon Route 53 Applicable
Amazon Route 53 Resolver Applicable
Amazon S3 Not applicable
Amazon SageMaker Batch Transform Jobs Not applicable
Amazon SageMaker Endpoints Not applicable
Amazon SageMaker Endpoint Instances Not applicable
Amazon SageMaker Ground Truth Not applicable
Amazon SageMaker Processing Jobs Not applicable
Amazon SageMaker Training Jobs Not applicable
AWS Service Catalog Applicable
Amazon Simple Email Service (SES) Not applicable
Amazon Simple Notification Service (SNS) Not applicable
Amazon Simple Queue Service (SQS) Not applicable
AWS Systems Manager - Run Command Applicable
AWS Step Functions Applicable
AWS Storage Gateway Applicable
Amazon SWF Applicable
Amazon Textract Applicable
AWS Transfer Family Applicable
AWS Transit Gateway Applicable
Amazon Translate Applicable
AWS Trusted Advisor Applicable
AWS API Usage Applicable
AWS Site-to-Site VPN Applicable
AWS WAF Classic Applicable
AWS WAF Applicable
Amazon WorkMail Applicable
Amazon WorkSpaces Applicable

Codebuild

Available metrics

ProjectName is the main dimension.

Name Description Unit Statistics Dimensions Recommended
BuildDuration Measures the duration of the build's BUILD phase Seconds Multi Region
BuildDuration Seconds Multi ProjectName Applicable
Builds Measures the number of builds triggered Count Sum Region Applicable
Builds Count Sum ProjectName Applicable
CPUUtilized The number of CPU units of allocated processing used by the build container None Multi ProjectName
CPUUtilized None Multi ProjectName, BuildId, BuildNumber
CPUUtilizedPercent The percentage of allocated processing used by the build container Percent Multi ProjectName
CPUUtilizedPercent Percent Multi ProjectName, BuildId, BuildNumber Applicable
DownloadSourceDuration Measures the duration of the build's DOWNLOAD_SOURCE phase Seconds Multi Region
DownloadSourceDuration Seconds Multi ProjectName
Duration Measures the duration of all builds over time Seconds Multi Region
Duration Seconds Multi ProjectName Applicable
FailedBuilds Measures the number of builds that failed because of client error or a timeout Count Sum Region Applicable
FailedBuilds Count Sum ProjectName Applicable
FinalizingDuration Measures the duration of the build's FINALIZING phase Seconds Multi Region
FinalizingDuration Seconds Multi ProjectName
InstallDuration Measures the duration of the build's INSTALL phase Seconds Multi Region
InstallDuration Seconds Multi ProjectName
MemoryUtilized The number of megabytes of memory used by the build container Megabytes Multi ProjectName
MemoryUtilized Megabytes Multi ProjectName, BuildId, BuildNumber
MemoryUtilizedPercent The percentage of allocated memory used by the build container Percent Multi ProjectName
MemoryUtilizedPercent Percent Multi ProjectName, BuildId, BuildNumber Applicable
PostBuildDuration Measures the duration of the build's POST_BUILD phase Seconds Multi Region
PostBuildDuration Seconds Multi ProjectName
PreBuildDuration Measures the duration of the build's PRE_BUILD phase Seconds Multi Region
PreBuildDuration Seconds Multi ProjectName
ProvisioningDuration Measures the duration of the build's PROVISIONING phase Seconds Multi Region
ProvisioningDuration Seconds Multi ProjectName
QueuedDuration Measures the duration of the build's QUEUED phase Seconds Multi Region
QueuedDuration Seconds Multi ProjectName Applicable
StorageReadBytes The storage read speed used by the build container Bytes/Second Multi ProjectName
StorageReadBytes Bytes/Second Multi ProjectName, BuildId, BuildNumber Applicable
StorageWriteBytes The storage write speed used by the build container Bytes/Second Multi ProjectName
StorageWriteBytes Bytes/Second Multi ProjectName, BuildId, BuildNumber Applicable
SubmittedDuration Measures the duration of the build's SUBMITTED phase Seconds Multi Region
SubmittedDuration Seconds Multi ProjectName
SucceededBuilds Measures the number of successful builds Count Sum Region Applicable
SucceededBuilds Count Sum ProjectName Applicable
UploadArtifactsDuration Measures the duration of the build's UPLOAD_ARTIFACTS phase Seconds Multi Region
UploadArtifactsDuration Seconds Multi ProjectName

Source: aws-service-database-migration-service-dms.md


title: AWS DMS (Database Migration Service) monitoring source: https://www.dynatrace.com/docs/ingest-from/amazon-web-services/integrate-with-aws/aws-all-services/aws-service-database-migration-service-dms scraped: 2026-02-17T04:59:02.795795


AWS DMS (Database Migration Service) monitoring

AWS DMS (Database Migration Service) monitoring

  • How-to guide
  • 9-min read
  • Published Aug 12, 2020

Dynatrace ingests metrics for multiple preselected namespaces, including AWS DMS. You can view metrics for each service instance, split metrics into multiple dimensions, and create custom charts that you can pin to your dashboards.

Prerequisites

To enable monitoring for this service, you need

  • ActiveGate version 1.197+

  • For Dynatrace SaaS deployments, you need an Environment ActiveGate or a Multi-environment ActiveGate.

For role-based access in SaaS deployment, you need an Environment ActiveGate installed on an Amazon EC2 host.

To update the AWS IAM policy, use the JSON below, containing the monitoring policy (permissions) for all supporting services.

JSON predefined policy for all supporting services

{



"Version": "2012-10-17",



"Statement": [



{



"Sid": "VisualEditor0",



"Effect": "Allow",



"Action": [



"acm-pca:ListCertificateAuthorities",



"apigateway:GET",



"apprunner:ListServices",



"appstream:DescribeFleets",



"appsync:ListGraphqlApis",



"athena:ListWorkGroups",



"autoscaling:DescribeAutoScalingGroups",



"cloudformation:ListStackResources",



"cloudfront:ListDistributions",



"cloudhsm:DescribeClusters",



"cloudsearch:DescribeDomains",



"cloudwatch:GetMetricData",



"cloudwatch:GetMetricStatistics",



"cloudwatch:ListMetrics",



"codebuild:ListProjects",



"datasync:ListTasks",



"dax:DescribeClusters",



"directconnect:DescribeConnections",



"dms:DescribeReplicationInstances",



"dynamodb:ListTables",



"dynamodb:ListTagsOfResource",



"ec2:DescribeAvailabilityZones",



"ec2:DescribeInstances",



"ec2:DescribeNatGateways",



"ec2:DescribeSpotFleetRequests",



"ec2:DescribeTransitGateways",



"ec2:DescribeVolumes",



"ec2:DescribeVpnConnections",



"ecs:ListClusters",



"eks:ListClusters",



"elasticache:DescribeCacheClusters",



"elasticbeanstalk:DescribeEnvironmentResources",



"elasticbeanstalk:DescribeEnvironments",



"elasticfilesystem:DescribeFileSystems",



"elasticloadbalancing:DescribeInstanceHealth",



"elasticloadbalancing:DescribeListeners",



"elasticloadbalancing:DescribeLoadBalancers",



"elasticloadbalancing:DescribeRules",



"elasticloadbalancing:DescribeTags",



"elasticloadbalancing:DescribeTargetHealth",



"elasticmapreduce:ListClusters",



"elastictranscoder:ListPipelines",



"es:ListDomainNames",



"events:ListEventBuses",



"firehose:ListDeliveryStreams",



"fsx:DescribeFileSystems",



"gamelift:ListFleets",



"glue:GetJobs",



"inspector:ListAssessmentTemplates",



"kafka:ListClusters",



"kinesis:ListStreams",



"kinesisanalytics:ListApplications",



"kinesisvideo:ListStreams",



"lambda:ListFunctions",



"lambda:ListTags",



"lex:GetBots",



"logs:DescribeLogGroups",



"mediaconnect:ListFlows",



"mediaconvert:DescribeEndpoints",



"mediapackage-vod:ListPackagingConfigurations",



"mediapackage:ListChannels",



"mediatailor:ListPlaybackConfigurations",



"opsworks:DescribeStacks",



"qldb:ListLedgers",



"rds:DescribeDBClusters",



"rds:DescribeDBInstances",



"rds:DescribeEvents",



"rds:ListTagsForResource",



"redshift:DescribeClusters",



"robomaker:ListSimulationJobs",



"route53:ListHostedZones",



"route53resolver:ListResolverEndpoints",



"s3:ListAllMyBuckets",



"sagemaker:ListEndpoints",



"sns:ListTopics",



"sqs:ListQueues",



"storagegateway:ListGateways",



"sts:GetCallerIdentity",



"swf:ListDomains",



"tag:GetResources",



"tag:GetTagKeys",



"transfer:ListServers",



"workmail:ListOrganizations",



"workspaces:DescribeWorkspaces"



],



"Resource": "*"



}



]



}

If you don't want to add permissions to all services, and just select permissions for certain services, consult the table below. The table contains a set of permissions that are required for All AWS cloud services and, for each supporting service, a list of optional permissions specific to that service.

Permissions required for AWS monitoring integration:

  • "cloudwatch:GetMetricData"
  • "cloudwatch:GetMetricStatistics"
  • "cloudwatch:ListMetrics"
  • "sts:GetCallerIdentity"
  • "tag:GetResources"
  • "tag:GetTagKeys"
  • "ec2:DescribeAvailabilityZones"

Complete list of permissions for cloud services

Name Permissions
All monitored Amazon services Required cloudwatch:GetMetricData, cloudwatch:GetMetricStatistics, cloudwatch:ListMetrics, sts:GetCallerIdentity, tag:GetResources, tag:GetTagKeys, ec2:DescribeAvailabilityZones
AWS Certificate Manager Private Certificate Authority acm-pca:ListCertificateAuthorities
Amazon MQ
Amazon API Gateway apigateway:GET
AWS App Runner apprunner:ListServices
Amazon AppStream appstream:DescribeFleets
AWS AppSync appsync:ListGraphqlApis
Amazon Athena athena:ListWorkGroups
Amazon Aurora rds:DescribeDBClusters
Amazon EC2 Auto Scaling autoscaling:DescribeAutoScalingGroups
Amazon EC2 Auto Scaling (built-in) autoscaling:DescribeAutoScalingGroups
AWS Billing
Amazon Keyspaces
AWS Chatbot
Amazon CloudFront cloudfront:ListDistributions
AWS CloudHSM cloudhsm:DescribeClusters
Amazon CloudSearch cloudsearch:DescribeDomains
AWS CodeBuild codebuild:ListProjects
Amazon Cognito
Amazon Connect
Amazon Elastic Kubernetes Service (EKS) eks:ListClusters
AWS DataSync datasync:ListTasks
Amazon DynamoDB Accelerator (DAX) dax:DescribeClusters
AWS Database Migration Service (AWS DMS) dms:DescribeReplicationInstances
Amazon DocumentDB rds:DescribeDBClusters
AWS Direct Connect directconnect:DescribeConnections
Amazon DynamoDB dynamodb:ListTables
Amazon DynamoDB (built-in) dynamodb:ListTables, dynamodb:ListTagsOfResource
Amazon EBS ec2:DescribeVolumes
Amazon EBS (built-in) ec2:DescribeVolumes
Amazon EC2 API
Amazon EC2 (built-in) ec2:DescribeInstances
Amazon EC2 Spot Fleet ec2:DescribeSpotFleetRequests
Amazon Elastic Container Service (ECS) ecs:ListClusters
Amazon ECS Container Insights ecs:ListClusters
Amazon ElastiCache (EC) elasticache:DescribeCacheClusters
AWS Elastic Beanstalk elasticbeanstalk:DescribeEnvironments
Amazon Elastic File System (EFS) elasticfilesystem:DescribeFileSystems
Amazon Elastic Inference
Amazon Elastic Map Reduce (EMR) elasticmapreduce:ListClusters
Amazon Elasticsearch Service (ES) es:ListDomainNames
Amazon Elastic Transcoder elastictranscoder:ListPipelines
Amazon Elastic Load Balancer (ELB) (built-in) elasticloadbalancing:DescribeInstanceHealth, elasticloadbalancing:DescribeListeners, elasticloadbalancing:DescribeLoadBalancers, elasticloadbalancing:DescribeRules, elasticloadbalancing:DescribeTags, elasticloadbalancing:DescribeTargetHealth
Amazon EventBridge events:ListEventBuses
Amazon FSx fsx:DescribeFileSystems
Amazon GameLift gamelift:ListFleets
AWS Glue glue:GetJobs
Amazon Inspector inspector:ListAssessmentTemplates
AWS Internet of Things (IoT)
AWS IoT Analytics
Amazon Managed Streaming for Kafka kafka:ListClusters
Amazon Kinesis Data Analytics kinesisanalytics:ListApplications
Amazon Data Firehose firehose:ListDeliveryStreams
Amazon Kinesis Data Streams kinesis:ListStreams
Amazon Kinesis Video Streams kinesisvideo:ListStreams
AWS Lambda lambda:ListFunctions
AWS Lambda (built-in) lambda:ListFunctions, lambda:ListTags
Amazon Lex lex:GetBots
Amazon Application and Network Load Balancer (built-in) elasticloadbalancing:DescribeInstanceHealth, elasticloadbalancing:DescribeListeners, elasticloadbalancing:DescribeLoadBalancers, elasticloadbalancing:DescribeRules, elasticloadbalancing:DescribeTags, elasticloadbalancing:DescribeTargetHealth
Amazon CloudWatch Logs logs:DescribeLogGroups
AWS Elemental MediaConnect mediaconnect:ListFlows
AWS Elemental MediaConvert mediaconvert:DescribeEndpoints
AWS Elemental MediaPackage Live mediapackage:ListChannels
AWS Elemental MediaPackage Video on Demand mediapackage-vod:ListPackagingConfigurations
AWS Elemental MediaTailor mediatailor:ListPlaybackConfigurations
Amazon VPC NAT Gateways ec2:DescribeNatGateways
Amazon Neptune rds:DescribeDBClusters
AWS OpsWorks opsworks:DescribeStacks
Amazon Polly
Amazon QLDB qldb:ListLedgers
Amazon RDS rds:DescribeDBInstances
Amazon RDS (built-in) rds:DescribeDBInstances, rds:DescribeEvents, rds:ListTagsForResource
Amazon Redshift redshift:DescribeClusters
Amazon Rekognition
AWS RoboMaker robomaker:ListSimulationJobs
Amazon Route 53 route53:ListHostedZones
Amazon Route 53 Resolver route53resolver:ListResolverEndpoints
Amazon S3 s3:ListAllMyBuckets
Amazon S3 (built-in) s3:ListAllMyBuckets
Amazon SageMaker Batch Transform Jobs
Amazon SageMaker Endpoint Instances sagemaker:ListEndpoints
Amazon SageMaker Endpoints sagemaker:ListEndpoints
Amazon SageMaker Ground Truth
Amazon SageMaker Processing Jobs
Amazon SageMaker Training Jobs
AWS Service Catalog
Amazon Simple Email Service (SES)
Amazon Simple Notification Service (SNS) sns:ListTopics
Amazon Simple Queue Service (SQS) sqs:ListQueues
AWS Systems Manager - Run Command
AWS Step Functions
AWS Storage Gateway storagegateway:ListGateways
Amazon SWF swf:ListDomains
Amazon Textract
AWS IoT Things Graph
AWS Transfer Family transfer:ListServers
AWS Transit Gateway ec2:DescribeTransitGateways
Amazon Translate
AWS Trusted Advisor
AWS API Usage
AWS Site-to-Site VPN ec2:DescribeVpnConnections
AWS WAF Classic
AWS WAF
Amazon WorkMail workmail:ListOrganizations
Amazon WorkSpaces workspaces:DescribeWorkspaces

Example of JSON policy for one single service.

JSON policy for Amazon API Gateway

{



"Version": "2012-10-17",



"Statement": [



{



"Sid": "VisualEditor0",



"Effect": "Allow",



"Action": [



"apigateway:GET",



"cloudwatch:GetMetricData",



"cloudwatch:GetMetricStatistics",



"cloudwatch:ListMetrics",



"sts:GetCallerIdentity",



"tag:GetResources",



"tag:GetTagKeys",



"ec2:DescribeAvailabilityZones"



],



"Resource": "*"



}



]



}

In this example, from the complete list of permissions you need to select

  • "apigateway:GET" for Amazon API Gateway
  • "cloudwatch:GetMetricData", "cloudwatch:GetMetricStatistics", "cloudwatch:ListMetrics", "sts:GetCallerIdentity", "tag:GetResources", "tag:GetTagKeys", and "ec2:DescribeAvailabilityZones" for All AWS cloud services.

AWS endpoints that need to be reachable from ActiveGate with corresponding AWS services

Endpoint Service
autoscaling.<REGION>.amazonaws.com Amazon EC2 Auto Scaling (built-in), Amazon EC2 Auto Scaling
lambda.<REGION>.amazonaws.com AWS Lambda (built-in), AWS Lambda
elasticloadbalancing.<REGION>.amazonaws.com Amazon Application and Network Load Balancer (built-in), Amazon Elastic Load Balancer (ELB) (built-in)
dynamodb.<REGION>.amazonaws.com Amazon DynamoDB (built-in), Amazon DynamoDB
ec2.<REGION>.amazonaws.com Amazon EBS (built-in), Amazon EC2 (built-in), Amazon EBS, Amazon EC2 Spot Fleet, Amazon VPC NAT Gateways, AWS Transit Gateway, AWS Site-to-Site VPN
rds.<REGION>.amazonaws.com Amazon RDS (built-in), Amazon Aurora, Amazon DocumentDB, Amazon Neptune, Amazon RDS
s3.<REGION>.amazonaws.com Amazon S3 (built-in)
acm-pca.<REGION>.amazonaws.com AWS Certificate Manager Private Certificate Authority
apigateway.<REGION>.amazonaws.com Amazon API Gateway
apprunner.<REGION>.amazonaws.com AWS App Runner
appstream2.<REGION>.amazonaws.com Amazon AppStream
appsync.<REGION>.amazonaws.com AWS AppSync
athena.<REGION>.amazonaws.com Amazon Athena
cloudfront.amazonaws.com Amazon CloudFront
cloudhsmv2.<REGION>.amazonaws.com AWS CloudHSM
cloudsearch.<REGION>.amazonaws.com Amazon CloudSearch
codebuild.<REGION>.amazonaws.com AWS CodeBuild
datasync.<REGION>.amazonaws.com AWS DataSync
dax.<REGION>.amazonaws.com Amazon DynamoDB Accelerator (DAX)
dms.<REGION>.amazonaws.com AWS Database Migration Service (AWS DMS)
directconnect.<REGION>.amazonaws.com AWS Direct Connect
ecs.<REGION>.amazonaws.com Amazon Elastic Container Service (ECS), Amazon ECS Container Insights
elasticfilesystem.<REGION>.amazonaws.com Amazon Elastic File System (EFS)
eks.<REGION>.amazonaws.com Amazon Elastic Kubernetes Service (EKS)
elasticache.<REGION>.amazonaws.com Amazon ElastiCache (EC)
elasticbeanstalk.<REGION>.amazonaws.com AWS Elastic Beanstalk
elastictranscoder.<REGION>.amazonaws.com Amazon Elastic Transcoder
es.<REGION>.amazonaws.com Amazon Elasticsearch Service (ES)
events.<REGION>.amazonaws.com Amazon EventBridge
fsx.<REGION>.amazonaws.com Amazon FSx
gamelift.<REGION>.amazonaws.com Amazon GameLift
glue.<REGION>.amazonaws.com AWS Glue
inspector.<REGION>.amazonaws.com Amazon Inspector
kafka.<REGION>.amazonaws.com Amazon Managed Streaming for Kafka
models.lex.<REGION>.amazonaws.com Amazon Lex
logs.<REGION>.amazonaws.com Amazon CloudWatch Logs
api.mediatailor.<REGION>.amazonaws.com AWS Elemental MediaTailor
mediaconnect.<REGION>.amazonaws.com AWS Elemental MediaConnect
mediapackage.<REGION>.amazonaws.com AWS Elemental MediaPackage Live
mediapackage-vod.<REGION>.amazonaws.com AWS Elemental MediaPackage Video on Demand
opsworks.<REGION>.amazonaws.com AWS OpsWorks
qldb.<REGION>.amazonaws.com Amazon QLDB
redshift.<REGION>.amazonaws.com Amazon Redshift
robomaker.<REGION>.amazonaws.com AWS RoboMaker
route53.amazonaws.com Amazon Route 53
route53resolver.<REGION>.amazonaws.com Amazon Route 53 Resolver
api.sagemaker.<REGION>.amazonaws.com Amazon SageMaker Endpoints, Amazon SageMaker Endpoint Instances
sns.<REGION>.amazonaws.com Amazon Simple Notification Service (SNS)
sqs.<REGION>.amazonaws.com Amazon Simple Queue Service (SQS)
storagegateway.<REGION>.amazonaws.com AWS Storage Gateway
swf.<REGION>.amazonaws.com Amazon SWF
transfer.<REGION>.amazonaws.com AWS Transfer Family
workmail.<REGION>.amazonaws.com Amazon WorkMail
workspaces.<REGION>.amazonaws.com Amazon WorkSpaces

Enable monitoring

To learn how to enable service monitoring, see Enable service monitoring.

View service metrics

You can view the service metrics in your Dynatrace environment either on the custom device overview page or on your Dashboards page.

View metrics on the custom device overview page

To access the custom device overview page

  1. Go to Technologies Technologies & Processes Classic.
  2. Filter by service name and select the relevant custom device group.
  3. Once you select the custom device group, you're on the custom device group overview page.
  4. The custom device group overview page lists all instances (custom devices) belonging to the group. Select an instance to view the custom device overview page.

View metrics on your dashboard

After you add the service to monitoring, a preset dashboard containing all recommended metrics is automatically listed on your Dashboards page. To look for specific dashboards, filter by Preset and then by Name.

AWS presets

For existing monitored services, you might need to resave your credentials for the preset dashboard to appear on the Dashboards page. To resave your credentials, go to Settings > Cloud and virtualization > AWS, select the desired AWS instance, and then select Save.

You can't make changes on a preset dashboard directly, but you can clone and edit it. To clone a dashboard, open the browse menu (…) and select Clone.

To remove a dashboard from the dashboards page, you can hide it. To hide a dashboard, open the browse menu (…) and select Hide.

Hiding a dashboard doesn't affect other users.

Clone hide AWS

To check the availability of preset dashboards for each AWS service, see the list below.

Preset dashboard availability list

AWS service Preset dashboard
Amazon EC2 Auto Scaling (built-in) Not applicable
AWS Lambda (built-in) Not applicable
Amazon Application and Network Load Balancer (built-in) Not applicable
Amazon DynamoDB (built-in) Not applicable
Amazon EBS (built-in) Not applicable
Amazon EC2 (built-in) Not applicable
Amazon Elastic Load Balancer (ELB) (built-in) Not applicable
Amazon RDS (built-in) Not applicable
Amazon S3 (built-in) Not applicable
AWS Certificate Manager Private Certificate Authority Not applicable
All monitored Amazon services Not applicable
Amazon API Gateway Not applicable
AWS App Runner Not applicable
Amazon AppStream Applicable
AWS AppSync Applicable
Amazon Athena Applicable
Amazon Aurora Not applicable
Amazon EC2 Auto Scaling Applicable
AWS Billing Applicable
Amazon Keyspaces Applicable
AWS Chatbot Applicable
Amazon CloudFront Not applicable
AWS CloudHSM Applicable
Amazon CloudSearch Applicable
AWS CodeBuild Applicable
Amazon Cognito Not applicable
Amazon Connect Applicable
AWS DataSync Applicable
Amazon DynamoDB Accelerator (DAX) Applicable
AWS Database Migration Service (AWS DMS) Applicable
Amazon DocumentDB Applicable
AWS Direct Connect Applicable
Amazon DynamoDB Not applicable
Amazon EBS Not applicable
Amazon EC2 Spot Fleet Not applicable
Amazon EC2 API Applicable
Amazon Elastic Container Service (ECS) Not applicable
Amazon ECS Container Insights Applicable
Amazon Elastic File System (EFS) Not applicable
Amazon Elastic Kubernetes Service (EKS) Applicable
Amazon ElastiCache (EC) Not applicable
AWS Elastic Beanstalk Applicable
Amazon Elastic Inference Applicable
Amazon Elastic Transcoder Applicable
Amazon Elastic Map Reduce (EMR) Not applicable
Amazon Elasticsearch Service (ES) Not applicable
Amazon EventBridge Applicable
Amazon FSx Applicable
Amazon GameLift Applicable
AWS Glue Not applicable
Amazon Inspector Applicable
AWS Internet of Things (IoT) Not applicable
AWS IoT Things Graph Applicable
AWS IoT Analytics Applicable
Amazon Managed Streaming for Kafka Applicable
Amazon Kinesis Data Analytics Not applicable
Amazon Data Firehose Not applicable
Amazon Kinesis Data Streams Not applicable
Amazon Kinesis Video Streams Not applicable
AWS Lambda Not applicable
Amazon Lex Applicable
Amazon CloudWatch Logs Applicable
AWS Elemental MediaTailor Applicable
AWS Elemental MediaConnect Applicable
AWS Elemental MediaConvert Applicable
AWS Elemental MediaPackage Live Applicable
AWS Elemental MediaPackage Video on Demand Applicable
Amazon MQ Applicable
Amazon VPC NAT Gateways Not applicable
Amazon Neptune Applicable
AWS OpsWorks Applicable
Amazon Polly Applicable
Amazon QLDB Applicable
Amazon RDS Not applicable
Amazon Redshift Not applicable
Amazon Rekognition Applicable
AWS RoboMaker Applicable
Amazon Route 53 Applicable
Amazon Route 53 Resolver Applicable
Amazon S3 Not applicable
Amazon SageMaker Batch Transform Jobs Not applicable
Amazon SageMaker Endpoints Not applicable
Amazon SageMaker Endpoint Instances Not applicable
Amazon SageMaker Ground Truth Not applicable
Amazon SageMaker Processing Jobs Not applicable
Amazon SageMaker Training Jobs Not applicable
AWS Service Catalog Applicable
Amazon Simple Email Service (SES) Not applicable
Amazon Simple Notification Service (SNS) Not applicable
Amazon Simple Queue Service (SQS) Not applicable
AWS Systems Manager - Run Command Applicable
AWS Step Functions Applicable
AWS Storage Gateway Applicable
Amazon SWF Applicable
Amazon Textract Applicable
AWS Transfer Family Applicable
AWS Transit Gateway Applicable
Amazon Translate Applicable
AWS Trusted Advisor Applicable
AWS API Usage Applicable
AWS Site-to-Site VPN Applicable
AWS WAF Classic Applicable
AWS WAF Applicable
Amazon WorkMail Applicable
Amazon WorkSpaces Applicable

Database migration

Available metrics

ReplicationInstanceIdentifier is the main dimension.

Name Description Unit Statistics Dimensions Recommended
CDCChangesDiskSource Amount of rows accumulating on disk and waiting to be committed from the source Count Sum ReplicationInstanceIdentifier, ReplicationTaskIdentifier
CDCChangesDiskTarget Amount of rows accumulating on disk and waiting to be committed to the target Count Sum ReplicationInstanceIdentifier, ReplicationTaskIdentifier
CDCChangesMemorySource Amount of rows accumulating in memory and waiting to be committed from the source Count Sum ReplicationInstanceIdentifier, ReplicationTaskIdentifier
CDCChangesMemoryTarget Amount of rows accumulating in memory and waiting to be committed to the target Count Sum ReplicationInstanceIdentifier, ReplicationTaskIdentifier
CDCIncomingChanges The total number of change events at a point in time that are waiting to be applied to the target Count Sum ReplicationInstanceIdentifier, ReplicationTaskIdentifier Applicable
CDCLatencySource The gap, in seconds, between the last event captured from the source endpoint and the current system timestamp of the AWS DMS instance. CDCLatencySource represents the latency between source and replication instance. Seconds Multi ReplicationInstanceIdentifier, ReplicationTaskIdentifier Applicable
CDCLatencyTarget The gap, in seconds, between the first event timestamp waiting to commit on the target and the current timestamp of the AWS DMS instance. CDCLatencyTarget represents the latency between replication instance and target. Seconds Multi ReplicationInstanceIdentifier, ReplicationTaskIdentifier Applicable
CDCThroughputBandwidthSource Incoming data received for the source in KB per second Kilobytes/Second Multi ReplicationInstanceIdentifier, ReplicationTaskIdentifier Applicable
CDCThroughputBandwidthTarget Outgoing data transmitted for the target in KB per second Kilobytes/Second Multi ReplicationInstanceIdentifier, ReplicationTaskIdentifier Applicable
CDCThroughputRowsSource Incoming task changes from the source in rows per second Count/Second Multi ReplicationInstanceIdentifier, ReplicationTaskIdentifier Applicable
CDCThroughputRowsTarget Outgoing task changes for the target in rows per second Count/Second Multi ReplicationInstanceIdentifier, ReplicationTaskIdentifier Applicable
CPUAllocated The percentage of CPU maximally allocated for the task (0 means no limit) Percent Multi ReplicationInstanceIdentifier, ReplicationTaskIdentifier
CPUUtilization The amount of CPU used Percent Multi ReplicationInstanceIdentifier, ReplicationTaskIdentifier Applicable
CPUUtilization Percent Multi ReplicationInstanceIdentifier Applicable
CPUUtilization Percent Multi Region, ReplicationInstanceExternalResourceId Applicable
CPUUtilization Percent Multi Region Applicable
CPUUtilization Percent Multi Region, InstanceClass
DiskQueueDepth The number of outstanding I/Os (read/write requests) waiting to access the disk Count Multi Region, ReplicationInstanceExternalResourceId
DiskQueueDepth Count Multi Region
DiskQueueDepth Count Multi Region, InstanceClass
DiskQueueDepth Count Multi ReplicationInstanceIdentifier
FreeStorageSpace The amount of available storage space Bytes Multi ReplicationInstanceIdentifier Applicable
FreeStorageSpace Bytes Multi Region, ReplicationInstanceExternalResourceId
FreeStorageSpace Bytes Multi Region
FreeStorageSpace Bytes Multi Region, InstanceClass
FreeableMemory The amount of available RAM Bytes Multi ReplicationInstanceIdentifier Applicable
FreeableMemory Bytes Multi Region, ReplicationInstanceExternalResourceId
FreeableMemory Bytes Multi Region
FreeableMemory Bytes Multi Region, InstanceClass
FullLoadThroughputBandwidthSource Incoming data received from a full load from the source in kilobytes (KB) per second Kilobytes/Second Multi ReplicationInstanceIdentifier, ReplicationTaskIdentifier Applicable
FullLoadThroughputBandwidthTarget Outgoing data transmitted from a full load for the target in kilobytes (KB) per second Kilobytes/Second Multi ReplicationInstanceIdentifier, ReplicationTaskIdentifier Applicable
FullLoadThroughputRowsSource Incoming changes from a full load from the source in rows per second Count/Second Multi ReplicationInstanceIdentifier, ReplicationTaskIdentifier Applicable
FullLoadThroughputRowsTarget Outgoing changes from a full load for the target in rows per second Count/Second Multi ReplicationInstanceIdentifier, ReplicationTaskIdentifier Applicable
MemoryAllocated The maximum allocation of memory for the task (0 means no limits) Megabytes Multi ReplicationInstanceIdentifier, ReplicationTaskIdentifier
MemoryUsage The resident set size (RSS) occupied by a task. It indicates the portion of memory occupied by a task held in main memory (RAM). Megabytes Multi ReplicationInstanceIdentifier, ReplicationTaskIdentifier Applicable
NetworkReceiveThroughput The incoming (receive) network traffic on the replication instance, including both customer database traffic and AWS DMS traffic used for monitoring and replication Bytes/Second Multi ReplicationInstanceIdentifier Applicable
NetworkReceiveThroughput Bytes/Second Multi Region, ReplicationInstanceExternalResourceId
NetworkReceiveThroughput Bytes/Second Multi Region
NetworkReceiveThroughput Bytes/Second Multi Region, InstanceClass
NetworkTransmitThroughput The outgoing (transmit) network traffic on the replication instance, including both customer database traffic and AWS DMS traffic used for monitoring and replication Bytes/Second Multi ReplicationInstanceIdentifier Applicable
NetworkTransmitThroughput Bytes/Second Multi Region, ReplicationInstanceExternalResourceId
NetworkTransmitThroughput Bytes/Second Multi Region
NetworkTransmitThroughput Bytes/Second Multi Region, InstanceClass
ReadIOPS The average number of disk read I/O operations per second Count/Second Multi ReplicationInstanceIdentifier Applicable
ReadIOPS Count/Second Multi Region, ReplicationInstanceExternalResourceId
ReadIOPS Count/Second Multi Region
ReadIOPS Count/Second Multi Region, InstanceClass
ReadLatency The average amount of time taken per disk I/O (input) operation Seconds Multi ReplicationInstanceIdentifier Applicable
ReadLatency Seconds Multi Region, ReplicationInstanceExternalResourceId
ReadLatency Seconds Multi Region
ReadLatency Seconds Multi Region, InstanceClass
ReadThroughput The average number of bytes read from disk per second Bytes/Second Multi ReplicationInstanceIdentifier Applicable
ReadThroughput Bytes/Second Multi Region, ReplicationInstanceExternalResourceId
ReadThroughput Bytes/Second Multi Region
ReadThroughput Bytes/Second Multi Region, InstanceClass
RecoveryCount Count Sum ReplicationInstanceIdentifier, ReplicationTaskIdentifier Applicable
RunCounter Count Sum ReplicationInstanceIdentifier, ReplicationTaskIdentifier Applicable
SwapUsage The amount of swap space used on the replication instance Bytes Multi ReplicationInstanceIdentifier Applicable
SwapUsage Bytes Multi Region, ReplicationInstanceExternalResourceId
SwapUsage Bytes Multi Region
SwapUsage Bytes Multi Region, InstanceClass
ValidationAttemptedRecordCount Number of rows that validation was attempted, per minute Count Sum ReplicationInstanceIdentifier, ReplicationTaskIdentifier Applicable
ValidationBulkQuerySourceLatency AWS DMS can do data validation in bulk, especially in certain scenarios during a full-load or ongoing replication when there are many changes. This metric indicates the latency required to read a bulk set of data from the source endpoint. Milliseconds Multi ReplicationInstanceIdentifier, ReplicationTaskIdentifier Applicable
ValidationBulkQueryTargetLatency AWS DMS can do data validation in bulk, especially in certain scenarios during a full-load or ongoing replication when there are many changes. This metric indicates the latency required to read a bulk set of data on the target endpoint. Milliseconds Multi ReplicationInstanceIdentifier, ReplicationTaskIdentifier Applicable
ValidationFailedOverallCount Number of rows where validation failed Count Sum ReplicationInstanceIdentifier, ReplicationTaskIdentifier Applicable
ValidationItemQuerySourceLatency During ongoing replication, data validation can identify ongoing changes and validate those changes. This metric indicates the latency in reading those changes from the source. Milliseconds Multi ReplicationInstanceIdentifier, ReplicationTaskIdentifier
ValidationItemQueryTargetLatency During ongoing replication, data validation can identify ongoing changes and validate the changes row by row. This metric gives us the latency in reading those changes from the target. Milliseconds Multi ReplicationInstanceIdentifier, ReplicationTaskIdentifier
ValidationPendingOverallCount Number of rows where the validation is still pending Count Sum ReplicationInstanceIdentifier, ReplicationTaskIdentifier Applicable
ValidationSucceededRecordCount Number of rows that AWS DMS validated, per minute Count Sum ReplicationInstanceIdentifier, ReplicationTaskIdentifier Applicable
ValidationSuspendedOverallCount Number of rows where validation was suspended Count Sum ReplicationInstanceIdentifier, ReplicationTaskIdentifier Applicable
WriteIOPS The average number of disk write I/O operations per second Count/Second Multi ReplicationInstanceIdentifier Applicable
WriteIOPS Count/Second Multi Region, ReplicationInstanceExternalResourceId
WriteIOPS Count/Second Multi Region
WriteIOPS Count/Second Multi Region, InstanceClass
WriteLatency The average amount of time taken per disk I/O (output) operation Seconds Multi ReplicationInstanceIdentifier Applicable
WriteLatency Seconds Multi Region, ReplicationInstanceExternalResourceId
WriteLatency Seconds Multi Region
WriteLatency Seconds Multi Region, InstanceClass
WriteThroughput The average number of bytes written to disk per second Bytes/Second Multi ReplicationInstanceIdentifier Applicable
WriteThroughput Bytes/Second Multi Region, ReplicationInstanceExternalResourceId
WriteThroughput Bytes/Second Multi Region
WriteThroughput Bytes/Second Multi Region, InstanceClass

Limitations

To collect metrics about changes captured by the migration task (CDC metrics) on MySQL, the binary logging and automatic backup settings should be enabled.


Source: aws-service-direct-connect.md


title: AWS Direct Connect monitoring source: https://www.dynatrace.com/docs/ingest-from/amazon-web-services/integrate-with-aws/aws-all-services/aws-service-direct-connect scraped: 2026-02-17T05:10:31.007765


AWS Direct Connect monitoring

AWS Direct Connect monitoring

  • How-to guide
  • 2-min read
  • Published Sep 08, 2020

Dynatrace ingests metrics for multiple preselected namespaces, including AWS Direct Connect. You can view metrics for each service instance, split metrics into multiple dimensions, and create custom charts that you can pin to your dashboards.

Prerequisites

To enable monitoring for this service, you need

  • ActiveGate version 1.197+

  • For Dynatrace SaaS deployments, you need an Environment ActiveGate or a Multi-environment ActiveGate.

For role-based access in a SaaS deployment, you need an Environment ActiveGate installed on an Amazon EC2 host.

To update the AWS IAM policy, use the JSON below, containing the monitoring policy (permissions) for all supporting services.

JSON predefined policy for all supporting services

{



"Version": "2012-10-17",



"Statement": [



{



"Sid": "VisualEditor0",



"Effect": "Allow",



"Action": [



"acm-pca:ListCertificateAuthorities",



"apigateway:GET",



"apprunner:ListServices",



"appstream:DescribeFleets",



"appsync:ListGraphqlApis",



"athena:ListWorkGroups",



"autoscaling:DescribeAutoScalingGroups",



"cloudformation:ListStackResources",



"cloudfront:ListDistributions",



"cloudhsm:DescribeClusters",



"cloudsearch:DescribeDomains",



"cloudwatch:GetMetricData",



"cloudwatch:GetMetricStatistics",



"cloudwatch:ListMetrics",



"codebuild:ListProjects",



"datasync:ListTasks",



"dax:DescribeClusters",



"directconnect:DescribeConnections",



"dms:DescribeReplicationInstances",



"dynamodb:ListTables",



"dynamodb:ListTagsOfResource",



"ec2:DescribeAvailabilityZones",



"ec2:DescribeInstances",



"ec2:DescribeNatGateways",



"ec2:DescribeSpotFleetRequests",



"ec2:DescribeTransitGateways",



"ec2:DescribeVolumes",



"ec2:DescribeVpnConnections",



"ecs:ListClusters",



"eks:ListClusters",



"elasticache:DescribeCacheClusters",



"elasticbeanstalk:DescribeEnvironmentResources",



"elasticbeanstalk:DescribeEnvironments",



"elasticfilesystem:DescribeFileSystems",



"elasticloadbalancing:DescribeInstanceHealth",



"elasticloadbalancing:DescribeListeners",



"elasticloadbalancing:DescribeLoadBalancers",



"elasticloadbalancing:DescribeRules",



"elasticloadbalancing:DescribeTags",



"elasticloadbalancing:DescribeTargetHealth",



"elasticmapreduce:ListClusters",



"elastictranscoder:ListPipelines",



"es:ListDomainNames",



"events:ListEventBuses",



"firehose:ListDeliveryStreams",



"fsx:DescribeFileSystems",



"gamelift:ListFleets",



"glue:GetJobs",



"inspector:ListAssessmentTemplates",



"kafka:ListClusters",



"kinesis:ListStreams",



"kinesisanalytics:ListApplications",



"kinesisvideo:ListStreams",



"lambda:ListFunctions",



"lambda:ListTags",



"lex:GetBots",



"logs:DescribeLogGroups",



"mediaconnect:ListFlows",



"mediaconvert:DescribeEndpoints",



"mediapackage-vod:ListPackagingConfigurations",



"mediapackage:ListChannels",



"mediatailor:ListPlaybackConfigurations",



"opsworks:DescribeStacks",



"qldb:ListLedgers",



"rds:DescribeDBClusters",



"rds:DescribeDBInstances",



"rds:DescribeEvents",



"rds:ListTagsForResource",



"redshift:DescribeClusters",



"robomaker:ListSimulationJobs",



"route53:ListHostedZones",



"route53resolver:ListResolverEndpoints",



"s3:ListAllMyBuckets",



"sagemaker:ListEndpoints",



"sns:ListTopics",



"sqs:ListQueues",



"storagegateway:ListGateways",



"sts:GetCallerIdentity",



"swf:ListDomains",



"tag:GetResources",



"tag:GetTagKeys",



"transfer:ListServers",



"workmail:ListOrganizations",



"workspaces:DescribeWorkspaces"



],



"Resource": "*"



}



]



}

If you don't want to add permissions to all services, and just select permissions for certain services, consult the table below. The table contains a set of permissions that are required for All AWS cloud services and, for each supporting service, a list of optional permissions specific to that service.

Permissions required for AWS monitoring integration:

  • "cloudwatch:GetMetricData"
  • "cloudwatch:GetMetricStatistics"
  • "cloudwatch:ListMetrics"
  • "sts:GetCallerIdentity"
  • "tag:GetResources"
  • "tag:GetTagKeys"
  • "ec2:DescribeAvailabilityZones"

Complete list of permissions for cloud services

Name Permissions
All monitored Amazon services Required cloudwatch:GetMetricData, cloudwatch:GetMetricStatistics, cloudwatch:ListMetrics, sts:GetCallerIdentity, tag:GetResources, tag:GetTagKeys, ec2:DescribeAvailabilityZones
AWS Certificate Manager Private Certificate Authority acm-pca:ListCertificateAuthorities
Amazon MQ
Amazon API Gateway apigateway:GET
AWS App Runner apprunner:ListServices
Amazon AppStream appstream:DescribeFleets
AWS AppSync appsync:ListGraphqlApis
Amazon Athena athena:ListWorkGroups
Amazon Aurora rds:DescribeDBClusters
Amazon EC2 Auto Scaling autoscaling:DescribeAutoScalingGroups
Amazon EC2 Auto Scaling (built-in) autoscaling:DescribeAutoScalingGroups
AWS Billing
Amazon Keyspaces
AWS Chatbot
Amazon CloudFront cloudfront:ListDistributions
AWS CloudHSM cloudhsm:DescribeClusters
Amazon CloudSearch cloudsearch:DescribeDomains
AWS CodeBuild codebuild:ListProjects
Amazon Cognito
Amazon Connect
Amazon Elastic Kubernetes Service (EKS) eks:ListClusters
AWS DataSync datasync:ListTasks
Amazon DynamoDB Accelerator (DAX) dax:DescribeClusters
AWS Database Migration Service (AWS DMS) dms:DescribeReplicationInstances
Amazon DocumentDB rds:DescribeDBClusters
AWS Direct Connect directconnect:DescribeConnections
Amazon DynamoDB dynamodb:ListTables
Amazon DynamoDB (built-in) dynamodb:ListTables, dynamodb:ListTagsOfResource
Amazon EBS ec2:DescribeVolumes
Amazon EBS (built-in) ec2:DescribeVolumes
Amazon EC2 API
Amazon EC2 (built-in) ec2:DescribeInstances
Amazon EC2 Spot Fleet ec2:DescribeSpotFleetRequests
Amazon Elastic Container Service (ECS) ecs:ListClusters
Amazon ECS Container Insights ecs:ListClusters
Amazon ElastiCache (EC) elasticache:DescribeCacheClusters
AWS Elastic Beanstalk elasticbeanstalk:DescribeEnvironments
Amazon Elastic File System (EFS) elasticfilesystem:DescribeFileSystems
Amazon Elastic Inference
Amazon Elastic Map Reduce (EMR) elasticmapreduce:ListClusters
Amazon Elasticsearch Service (ES) es:ListDomainNames
Amazon Elastic Transcoder elastictranscoder:ListPipelines
Amazon Elastic Load Balancer (ELB) (built-in) elasticloadbalancing:DescribeInstanceHealth, elasticloadbalancing:DescribeListeners, elasticloadbalancing:DescribeLoadBalancers, elasticloadbalancing:DescribeRules, elasticloadbalancing:DescribeTags, elasticloadbalancing:DescribeTargetHealth
Amazon EventBridge events:ListEventBuses
Amazon FSx fsx:DescribeFileSystems
Amazon GameLift gamelift:ListFleets
AWS Glue glue:GetJobs
Amazon Inspector inspector:ListAssessmentTemplates
AWS Internet of Things (IoT)
AWS IoT Analytics
Amazon Managed Streaming for Kafka kafka:ListClusters
Amazon Kinesis Data Analytics kinesisanalytics:ListApplications
Amazon Data Firehose firehose:ListDeliveryStreams
Amazon Kinesis Data Streams kinesis:ListStreams
Amazon Kinesis Video Streams kinesisvideo:ListStreams
AWS Lambda lambda:ListFunctions
AWS Lambda (built-in) lambda:ListFunctions, lambda:ListTags
Amazon Lex lex:GetBots
Amazon Application and Network Load Balancer (built-in) elasticloadbalancing:DescribeInstanceHealth, elasticloadbalancing:DescribeListeners, elasticloadbalancing:DescribeLoadBalancers, elasticloadbalancing:DescribeRules, elasticloadbalancing:DescribeTags, elasticloadbalancing:DescribeTargetHealth
Amazon CloudWatch Logs logs:DescribeLogGroups
AWS Elemental MediaConnect mediaconnect:ListFlows
AWS Elemental MediaConvert mediaconvert:DescribeEndpoints
AWS Elemental MediaPackage Live mediapackage:ListChannels
AWS Elemental MediaPackage Video on Demand mediapackage-vod:ListPackagingConfigurations
AWS Elemental MediaTailor mediatailor:ListPlaybackConfigurations
Amazon VPC NAT Gateways ec2:DescribeNatGateways
Amazon Neptune rds:DescribeDBClusters
AWS OpsWorks opsworks:DescribeStacks
Amazon Polly
Amazon QLDB qldb:ListLedgers
Amazon RDS rds:DescribeDBInstances
Amazon RDS (built-in) rds:DescribeDBInstances, rds:DescribeEvents, rds:ListTagsForResource
Amazon Redshift redshift:DescribeClusters
Amazon Rekognition
AWS RoboMaker robomaker:ListSimulationJobs
Amazon Route 53 route53:ListHostedZones
Amazon Route 53 Resolver route53resolver:ListResolverEndpoints
Amazon S3 s3:ListAllMyBuckets
Amazon S3 (built-in) s3:ListAllMyBuckets
Amazon SageMaker Batch Transform Jobs
Amazon SageMaker Endpoint Instances sagemaker:ListEndpoints
Amazon SageMaker Endpoints sagemaker:ListEndpoints
Amazon SageMaker Ground Truth
Amazon SageMaker Processing Jobs
Amazon SageMaker Training Jobs
AWS Service Catalog
Amazon Simple Email Service (SES)
Amazon Simple Notification Service (SNS) sns:ListTopics
Amazon Simple Queue Service (SQS) sqs:ListQueues
AWS Systems Manager - Run Command
AWS Step Functions
AWS Storage Gateway storagegateway:ListGateways
Amazon SWF swf:ListDomains
Amazon Textract
AWS IoT Things Graph
AWS Transfer Family transfer:ListServers
AWS Transit Gateway ec2:DescribeTransitGateways
Amazon Translate
AWS Trusted Advisor
AWS API Usage
AWS Site-to-Site VPN ec2:DescribeVpnConnections
AWS WAF Classic
AWS WAF
Amazon WorkMail workmail:ListOrganizations
Amazon WorkSpaces workspaces:DescribeWorkspaces

Example of JSON policy for one single service.

JSON policy for Amazon API Gateway

{



"Version": "2012-10-17",



"Statement": [



{



"Sid": "VisualEditor0",



"Effect": "Allow",



"Action": [



"apigateway:GET",



"cloudwatch:GetMetricData",



"cloudwatch:GetMetricStatistics",



"cloudwatch:ListMetrics",



"sts:GetCallerIdentity",



"tag:GetResources",



"tag:GetTagKeys",



"ec2:DescribeAvailabilityZones"



],



"Resource": "*"



}



]



}

In this example, from the complete list of permissions you need to select

  • "apigateway:GET" for Amazon API Gateway
  • "cloudwatch:GetMetricData", "cloudwatch:GetMetricStatistics", "cloudwatch:ListMetrics", "sts:GetCallerIdentity", "tag:GetResources", "tag:GetTagKeys", and "ec2:DescribeAvailabilityZones" for All AWS cloud services.

AWS endpoints that need to be reachable from ActiveGate with corresponding AWS services

Endpoint Service
autoscaling.<REGION>.amazonaws.com Amazon EC2 Auto Scaling (built-in), Amazon EC2 Auto Scaling
lambda.<REGION>.amazonaws.com AWS Lambda (built-in), AWS Lambda
elasticloadbalancing.<REGION>.amazonaws.com Amazon Application and Network Load Balancer (built-in), Amazon Elastic Load Balancer (ELB) (built-in)
dynamodb.<REGION>.amazonaws.com Amazon DynamoDB (built-in), Amazon DynamoDB
ec2.<REGION>.amazonaws.com Amazon EBS (built-in), Amazon EC2 (built-in), Amazon EBS, Amazon EC2 Spot Fleet, Amazon VPC NAT Gateways, AWS Transit Gateway, AWS Site-to-Site VPN
rds.<REGION>.amazonaws.com Amazon RDS (built-in), Amazon Aurora, Amazon DocumentDB, Amazon Neptune, Amazon RDS
s3.<REGION>.amazonaws.com Amazon S3 (built-in)
acm-pca.<REGION>.amazonaws.com AWS Certificate Manager Private Certificate Authority
apigateway.<REGION>.amazonaws.com Amazon API Gateway
apprunner.<REGION>.amazonaws.com AWS App Runner
appstream2.<REGION>.amazonaws.com Amazon AppStream
appsync.<REGION>.amazonaws.com AWS AppSync
athena.<REGION>.amazonaws.com Amazon Athena
cloudfront.amazonaws.com Amazon CloudFront
cloudhsmv2.<REGION>.amazonaws.com AWS CloudHSM
cloudsearch.<REGION>.amazonaws.com Amazon CloudSearch
codebuild.<REGION>.amazonaws.com AWS CodeBuild
datasync.<REGION>.amazonaws.com AWS DataSync
dax.<REGION>.amazonaws.com Amazon DynamoDB Accelerator (DAX)
dms.<REGION>.amazonaws.com AWS Database Migration Service (AWS DMS)
directconnect.<REGION>.amazonaws.com AWS Direct Connect
ecs.<REGION>.amazonaws.com Amazon Elastic Container Service (ECS), Amazon ECS Container Insights
elasticfilesystem.<REGION>.amazonaws.com Amazon Elastic File System (EFS)
eks.<REGION>.amazonaws.com Amazon Elastic Kubernetes Service (EKS)
elasticache.<REGION>.amazonaws.com Amazon ElastiCache (EC)
elasticbeanstalk.<REGION>.amazonaws.com AWS Elastic Beanstalk
elastictranscoder.<REGION>.amazonaws.com Amazon Elastic Transcoder
es.<REGION>.amazonaws.com Amazon Elasticsearch Service (ES)
events.<REGION>.amazonaws.com Amazon EventBridge
fsx.<REGION>.amazonaws.com Amazon FSx
gamelift.<REGION>.amazonaws.com Amazon GameLift
glue.<REGION>.amazonaws.com AWS Glue
inspector.<REGION>.amazonaws.com Amazon Inspector
kafka.<REGION>.amazonaws.com Amazon Managed Streaming for Kafka
models.lex.<REGION>.amazonaws.com Amazon Lex
logs.<REGION>.amazonaws.com Amazon CloudWatch Logs
api.mediatailor.<REGION>.amazonaws.com AWS Elemental MediaTailor
mediaconnect.<REGION>.amazonaws.com AWS Elemental MediaConnect
mediapackage.<REGION>.amazonaws.com AWS Elemental MediaPackage Live
mediapackage-vod.<REGION>.amazonaws.com AWS Elemental MediaPackage Video on Demand
opsworks.<REGION>.amazonaws.com AWS OpsWorks
qldb.<REGION>.amazonaws.com Amazon QLDB
redshift.<REGION>.amazonaws.com Amazon Redshift
robomaker.<REGION>.amazonaws.com AWS RoboMaker
route53.amazonaws.com Amazon Route 53
route53resolver.<REGION>.amazonaws.com Amazon Route 53 Resolver
api.sagemaker.<REGION>.amazonaws.com Amazon SageMaker Endpoints, Amazon SageMaker Endpoint Instances
sns.<REGION>.amazonaws.com Amazon Simple Notification Service (SNS)
sqs.<REGION>.amazonaws.com Amazon Simple Queue Service (SQS)
storagegateway.<REGION>.amazonaws.com AWS Storage Gateway
swf.<REGION>.amazonaws.com Amazon SWF
transfer.<REGION>.amazonaws.com AWS Transfer Family
workmail.<REGION>.amazonaws.com Amazon WorkMail
workspaces.<REGION>.amazonaws.com Amazon WorkSpaces

Enable monitoring

To learn how to enable service monitoring, see Enable service monitoring.

View service metrics

You can view the service metrics in your Dynatrace environment either on the custom device overview page or on your Dashboards page.

View metrics on the custom device overview page

To access the custom device overview page

  1. Go to Technologies Technologies & Processes Classic.
  2. Filter by service name and select the relevant custom device group.
  3. Once you select the custom device group, you're on the custom device group overview page.
  4. The custom device group overview page lists all instances (custom devices) belonging to the group. Select an instance to view the custom device overview page.

View metrics on your dashboard

After you add the service to monitoring, a preset dashboard containing all recommended metrics is automatically listed on your Dashboards page. To look for specific dashboards, filter by Preset and then by Name.

AWS presets

For existing monitored services, you might need to resave your credentials for the preset dashboard to appear on the Dashboards page. To resave your credentials, go to Settings > Cloud and virtualization > AWS, select the desired AWS instance, and then select Save.

You can't make changes on a preset dashboard directly, but you can clone and edit it. To clone a dashboard, open the browse menu (…) and select Clone.

To remove a dashboard from the dashboards page, you can hide it. To hide a dashboard, open the browse menu (…) and select Hide.

Hiding a dashboard doesn't affect other users.

Clone hide AWS

To check the availability of preset dashboards for each AWS service, see the list below.

Preset dashboard availability list

AWS service Preset dashboard
Amazon EC2 Auto Scaling (built-in) Not applicable
AWS Lambda (built-in) Not applicable
Amazon Application and Network Load Balancer (built-in) Not applicable
Amazon DynamoDB (built-in) Not applicable
Amazon EBS (built-in) Not applicable
Amazon EC2 (built-in) Not applicable
Amazon Elastic Load Balancer (ELB) (built-in) Not applicable
Amazon RDS (built-in) Not applicable
Amazon S3 (built-in) Not applicable
AWS Certificate Manager Private Certificate Authority Not applicable
All monitored Amazon services Not applicable
Amazon API Gateway Not applicable
AWS App Runner Not applicable
Amazon AppStream Applicable
AWS AppSync Applicable
Amazon Athena Applicable
Amazon Aurora Not applicable
Amazon EC2 Auto Scaling Applicable
AWS Billing Applicable
Amazon Keyspaces Applicable
AWS Chatbot Applicable
Amazon CloudFront Not applicable
AWS CloudHSM Applicable
Amazon CloudSearch Applicable
AWS CodeBuild Applicable
Amazon Cognito Not applicable
Amazon Connect Applicable
AWS DataSync Applicable
Amazon DynamoDB Accelerator (DAX) Applicable
AWS Database Migration Service (AWS DMS) Applicable
Amazon DocumentDB Applicable
AWS Direct Connect Applicable
Amazon DynamoDB Not applicable
Amazon EBS Not applicable
Amazon EC2 Spot Fleet Not applicable
Amazon EC2 API Applicable
Amazon Elastic Container Service (ECS) Not applicable
Amazon ECS Container Insights Applicable
Amazon Elastic File System (EFS) Not applicable
Amazon Elastic Kubernetes Service (EKS) Applicable
Amazon ElastiCache (EC) Not applicable
AWS Elastic Beanstalk Applicable
Amazon Elastic Inference Applicable
Amazon Elastic Transcoder Applicable
Amazon Elastic Map Reduce (EMR) Not applicable
Amazon Elasticsearch Service (ES) Not applicable
Amazon EventBridge Applicable
Amazon FSx Applicable
Amazon GameLift Applicable
AWS Glue Not applicable
Amazon Inspector Applicable
AWS Internet of Things (IoT) Not applicable
AWS IoT Things Graph Applicable
AWS IoT Analytics Applicable
Amazon Managed Streaming for Kafka Applicable
Amazon Kinesis Data Analytics Not applicable
Amazon Data Firehose Not applicable
Amazon Kinesis Data Streams Not applicable
Amazon Kinesis Video Streams Not applicable
AWS Lambda Not applicable
Amazon Lex Applicable
Amazon CloudWatch Logs Applicable
AWS Elemental MediaTailor Applicable
AWS Elemental MediaConnect Applicable
AWS Elemental MediaConvert Applicable
AWS Elemental MediaPackage Live Applicable
AWS Elemental MediaPackage Video on Demand Applicable
Amazon MQ Applicable
Amazon VPC NAT Gateways Not applicable
Amazon Neptune Applicable
AWS OpsWorks Applicable
Amazon Polly Applicable
Amazon QLDB Applicable
Amazon RDS Not applicable
Amazon Redshift Not applicable
Amazon Rekognition Applicable
AWS RoboMaker Applicable
Amazon Route 53 Applicable
Amazon Route 53 Resolver Applicable
Amazon S3 Not applicable
Amazon SageMaker Batch Transform Jobs Not applicable
Amazon SageMaker Endpoints Not applicable
Amazon SageMaker Endpoint Instances Not applicable
Amazon SageMaker Ground Truth Not applicable
Amazon SageMaker Processing Jobs Not applicable
Amazon SageMaker Training Jobs Not applicable
AWS Service Catalog Applicable
Amazon Simple Email Service (SES) Not applicable
Amazon Simple Notification Service (SNS) Not applicable
Amazon Simple Queue Service (SQS) Not applicable
AWS Systems Manager - Run Command Applicable
AWS Step Functions Applicable
AWS Storage Gateway Applicable
Amazon SWF Applicable
Amazon Textract Applicable
AWS Transfer Family Applicable
AWS Transit Gateway Applicable
Amazon Translate Applicable
AWS Trusted Advisor Applicable
AWS API Usage Applicable
AWS Site-to-Site VPN Applicable
AWS WAF Classic Applicable
AWS WAF Applicable
Amazon WorkMail Applicable
Amazon WorkSpaces Applicable

AWS direct connect

Available metrics

ConnectionId is the main dimension.

Name Description Unit Statistics Dimensions Recommended
ConnectionBpsEgress The bitrate for outbound data from the AWS side of the connection Bits/Second Multi ConnectionId Applicable
ConnectionBpsIngress The bitrate for inbound data to the AWS side of the connection Bits/Second Multi ConnectionId Applicable
ConnectionErrorCount The total error count for all types of MAC level errors on the AWS device Count Sum ConnectionId Applicable
ConnectionLightLevelRx The health of the fiber connection for inbound (ingress) traffic to the AWS side of the connection DecibelMilliWatts Multi ConnectionId, OpticalLaneNumber Applicable
ConnectionLightLevelTx The health of the fiber connection for outbound (egress) traffic from the AWS side of the connection DecibelMilliWatts Multi ConnectionId, OpticalLaneNumber Applicable
ConnectionPpsEgress The packet rate for outbound data from the AWS side of the connection Count/Second Multi ConnectionId
ConnectionPpsIngress The packet rate for inbound data to the AWS side of the connection Count/Second Multi ConnectionId
ConnectionState The state of the connection (up or down) None Multi ConnectionId Applicable
VirtualInterfaceBpsEgress The bitrate for outbound data from the AWS side of the virtual interface Bits/Second Multi ConnectionId, VirtualInterfaceId Applicable
VirtualInterfaceBpsIngress The bitrate for inbound data to the AWS side of the virtual interface Bits/Second Multi ConnectionId, VirtualInterfaceId Applicable
VirtualInterfacePpsEgress The packet rate for outbound data from the AWS side of the virtual interface Count/Second Multi ConnectionId, VirtualInterfaceId
VirtualInterfacePpsIngress The packet rate for inbound data to the AWS side of the virtual interface Count/Second Multi ConnectionId, VirtualInterfaceId

Source: aws-service-dynamodb-new.md


title: Amazon DynamoDB monitoring source: https://www.dynatrace.com/docs/ingest-from/amazon-web-services/integrate-with-aws/aws-all-services/aws-service-dynamodb-new scraped: 2026-02-15T09:13:53.543098


Amazon DynamoDB monitoring

Amazon DynamoDB monitoring

  • How-to guide
  • 7-min read
  • Updated on Nov 15, 2023

For information about differences between classic services and other services, see Migrate from AWS classic (formerly 'built-in') services to cloud services.

Dynatrace ingests metrics for multiple preselected namespaces, including Amazon DynamoDB. You can view metrics for each service instance, split metrics into multiple dimensions, and create custom charts that you can pin to your dashboards.

Prerequisites

To enable monitoring for this service, you need

  • ActiveGate version 1.197+

  • For Dynatrace SaaS deployments, you need an Environment ActiveGate or a Multi-environment ActiveGate.

For role-based access in SaaS deployment, you need an Environment ActiveGate installed on an Amazon EC2 host.

To update the AWS IAM policy, use the JSON below, containing the monitoring policy (permissions) for all supporting services.

JSON predefined policy for all supporting services

{



"Version": "2012-10-17",



"Statement": [



{



"Sid": "VisualEditor0",



"Effect": "Allow",



"Action": [



"acm-pca:ListCertificateAuthorities",



"apigateway:GET",



"apprunner:ListServices",



"appstream:DescribeFleets",



"appsync:ListGraphqlApis",



"athena:ListWorkGroups",



"autoscaling:DescribeAutoScalingGroups",



"cloudformation:ListStackResources",



"cloudfront:ListDistributions",



"cloudhsm:DescribeClusters",



"cloudsearch:DescribeDomains",



"cloudwatch:GetMetricData",



"cloudwatch:GetMetricStatistics",



"cloudwatch:ListMetrics",



"codebuild:ListProjects",



"datasync:ListTasks",



"dax:DescribeClusters",



"directconnect:DescribeConnections",



"dms:DescribeReplicationInstances",



"dynamodb:ListTables",



"dynamodb:ListTagsOfResource",



"ec2:DescribeAvailabilityZones",



"ec2:DescribeInstances",



"ec2:DescribeNatGateways",



"ec2:DescribeSpotFleetRequests",



"ec2:DescribeTransitGateways",



"ec2:DescribeVolumes",



"ec2:DescribeVpnConnections",



"ecs:ListClusters",



"eks:ListClusters",



"elasticache:DescribeCacheClusters",



"elasticbeanstalk:DescribeEnvironmentResources",



"elasticbeanstalk:DescribeEnvironments",



"elasticfilesystem:DescribeFileSystems",



"elasticloadbalancing:DescribeInstanceHealth",



"elasticloadbalancing:DescribeListeners",



"elasticloadbalancing:DescribeLoadBalancers",



"elasticloadbalancing:DescribeRules",



"elasticloadbalancing:DescribeTags",



"elasticloadbalancing:DescribeTargetHealth",



"elasticmapreduce:ListClusters",



"elastictranscoder:ListPipelines",



"es:ListDomainNames",



"events:ListEventBuses",



"firehose:ListDeliveryStreams",



"fsx:DescribeFileSystems",



"gamelift:ListFleets",



"glue:GetJobs",



"inspector:ListAssessmentTemplates",



"kafka:ListClusters",



"kinesis:ListStreams",



"kinesisanalytics:ListApplications",



"kinesisvideo:ListStreams",



"lambda:ListFunctions",



"lambda:ListTags",



"lex:GetBots",



"logs:DescribeLogGroups",



"mediaconnect:ListFlows",



"mediaconvert:DescribeEndpoints",



"mediapackage-vod:ListPackagingConfigurations",



"mediapackage:ListChannels",



"mediatailor:ListPlaybackConfigurations",



"opsworks:DescribeStacks",



"qldb:ListLedgers",



"rds:DescribeDBClusters",



"rds:DescribeDBInstances",



"rds:DescribeEvents",



"rds:ListTagsForResource",



"redshift:DescribeClusters",



"robomaker:ListSimulationJobs",



"route53:ListHostedZones",



"route53resolver:ListResolverEndpoints",



"s3:ListAllMyBuckets",



"sagemaker:ListEndpoints",



"sns:ListTopics",



"sqs:ListQueues",



"storagegateway:ListGateways",



"sts:GetCallerIdentity",



"swf:ListDomains",



"tag:GetResources",



"tag:GetTagKeys",



"transfer:ListServers",



"workmail:ListOrganizations",



"workspaces:DescribeWorkspaces"



],



"Resource": "*"



}



]



}

If you don't want to add permissions to all services, and just select permissions for certain services, consult the table below. The table contains a set of permissions that are required for All AWS cloud services and, for each supporting service, a list of optional permissions specific to that service.

Permissions required for AWS monitoring integration:

  • "cloudwatch:GetMetricData"
  • "cloudwatch:GetMetricStatistics"
  • "cloudwatch:ListMetrics"
  • "sts:GetCallerIdentity"
  • "tag:GetResources"
  • "tag:GetTagKeys"
  • "ec2:DescribeAvailabilityZones"

Complete list of permissions for cloud services

Name Permissions
All monitored Amazon services Required cloudwatch:GetMetricData, cloudwatch:GetMetricStatistics, cloudwatch:ListMetrics, sts:GetCallerIdentity, tag:GetResources, tag:GetTagKeys, ec2:DescribeAvailabilityZones
AWS Certificate Manager Private Certificate Authority acm-pca:ListCertificateAuthorities
Amazon MQ
Amazon API Gateway apigateway:GET
AWS App Runner apprunner:ListServices
Amazon AppStream appstream:DescribeFleets
AWS AppSync appsync:ListGraphqlApis
Amazon Athena athena:ListWorkGroups
Amazon Aurora rds:DescribeDBClusters
Amazon EC2 Auto Scaling autoscaling:DescribeAutoScalingGroups
Amazon EC2 Auto Scaling (built-in) autoscaling:DescribeAutoScalingGroups
AWS Billing
Amazon Keyspaces
AWS Chatbot
Amazon CloudFront cloudfront:ListDistributions
AWS CloudHSM cloudhsm:DescribeClusters
Amazon CloudSearch cloudsearch:DescribeDomains
AWS CodeBuild codebuild:ListProjects
Amazon Cognito
Amazon Connect
Amazon Elastic Kubernetes Service (EKS) eks:ListClusters
AWS DataSync datasync:ListTasks
Amazon DynamoDB Accelerator (DAX) dax:DescribeClusters
AWS Database Migration Service (AWS DMS) dms:DescribeReplicationInstances
Amazon DocumentDB rds:DescribeDBClusters
AWS Direct Connect directconnect:DescribeConnections
Amazon DynamoDB dynamodb:ListTables
Amazon DynamoDB (built-in) dynamodb:ListTables, dynamodb:ListTagsOfResource
Amazon EBS ec2:DescribeVolumes
Amazon EBS (built-in) ec2:DescribeVolumes
Amazon EC2 API
Amazon EC2 (built-in) ec2:DescribeInstances
Amazon EC2 Spot Fleet ec2:DescribeSpotFleetRequests
Amazon Elastic Container Service (ECS) ecs:ListClusters
Amazon ECS Container Insights ecs:ListClusters
Amazon ElastiCache (EC) elasticache:DescribeCacheClusters
AWS Elastic Beanstalk elasticbeanstalk:DescribeEnvironments
Amazon Elastic File System (EFS) elasticfilesystem:DescribeFileSystems
Amazon Elastic Inference
Amazon Elastic Map Reduce (EMR) elasticmapreduce:ListClusters
Amazon Elasticsearch Service (ES) es:ListDomainNames
Amazon Elastic Transcoder elastictranscoder:ListPipelines
Amazon Elastic Load Balancer (ELB) (built-in) elasticloadbalancing:DescribeInstanceHealth, elasticloadbalancing:DescribeListeners, elasticloadbalancing:DescribeLoadBalancers, elasticloadbalancing:DescribeRules, elasticloadbalancing:DescribeTags, elasticloadbalancing:DescribeTargetHealth
Amazon EventBridge events:ListEventBuses
Amazon FSx fsx:DescribeFileSystems
Amazon GameLift gamelift:ListFleets
AWS Glue glue:GetJobs
Amazon Inspector inspector:ListAssessmentTemplates
AWS Internet of Things (IoT)
AWS IoT Analytics
Amazon Managed Streaming for Kafka kafka:ListClusters
Amazon Kinesis Data Analytics kinesisanalytics:ListApplications
Amazon Data Firehose firehose:ListDeliveryStreams
Amazon Kinesis Data Streams kinesis:ListStreams
Amazon Kinesis Video Streams kinesisvideo:ListStreams
AWS Lambda lambda:ListFunctions
AWS Lambda (built-in) lambda:ListFunctions, lambda:ListTags
Amazon Lex lex:GetBots
Amazon Application and Network Load Balancer (built-in) elasticloadbalancing:DescribeInstanceHealth, elasticloadbalancing:DescribeListeners, elasticloadbalancing:DescribeLoadBalancers, elasticloadbalancing:DescribeRules, elasticloadbalancing:DescribeTags, elasticloadbalancing:DescribeTargetHealth
Amazon CloudWatch Logs logs:DescribeLogGroups
AWS Elemental MediaConnect mediaconnect:ListFlows
AWS Elemental MediaConvert mediaconvert:DescribeEndpoints
AWS Elemental MediaPackage Live mediapackage:ListChannels
AWS Elemental MediaPackage Video on Demand mediapackage-vod:ListPackagingConfigurations
AWS Elemental MediaTailor mediatailor:ListPlaybackConfigurations
Amazon VPC NAT Gateways ec2:DescribeNatGateways
Amazon Neptune rds:DescribeDBClusters
AWS OpsWorks opsworks:DescribeStacks
Amazon Polly
Amazon QLDB qldb:ListLedgers
Amazon RDS rds:DescribeDBInstances
Amazon RDS (built-in) rds:DescribeDBInstances, rds:DescribeEvents, rds:ListTagsForResource
Amazon Redshift redshift:DescribeClusters
Amazon Rekognition
AWS RoboMaker robomaker:ListSimulationJobs
Amazon Route 53 route53:ListHostedZones
Amazon Route 53 Resolver route53resolver:ListResolverEndpoints
Amazon S3 s3:ListAllMyBuckets
Amazon S3 (built-in) s3:ListAllMyBuckets
Amazon SageMaker Batch Transform Jobs
Amazon SageMaker Endpoint Instances sagemaker:ListEndpoints
Amazon SageMaker Endpoints sagemaker:ListEndpoints
Amazon SageMaker Ground Truth
Amazon SageMaker Processing Jobs
Amazon SageMaker Training Jobs
AWS Service Catalog
Amazon Simple Email Service (SES)
Amazon Simple Notification Service (SNS) sns:ListTopics
Amazon Simple Queue Service (SQS) sqs:ListQueues
AWS Systems Manager - Run Command
AWS Step Functions
AWS Storage Gateway storagegateway:ListGateways
Amazon SWF swf:ListDomains
Amazon Textract
AWS IoT Things Graph
AWS Transfer Family transfer:ListServers
AWS Transit Gateway ec2:DescribeTransitGateways
Amazon Translate
AWS Trusted Advisor
AWS API Usage
AWS Site-to-Site VPN ec2:DescribeVpnConnections
AWS WAF Classic
AWS WAF
Amazon WorkMail workmail:ListOrganizations
Amazon WorkSpaces workspaces:DescribeWorkspaces

Example of JSON policy for one single service.

JSON policy for Amazon API Gateway

{



"Version": "2012-10-17",



"Statement": [



{



"Sid": "VisualEditor0",



"Effect": "Allow",



"Action": [



"apigateway:GET",



"cloudwatch:GetMetricData",



"cloudwatch:GetMetricStatistics",



"cloudwatch:ListMetrics",



"sts:GetCallerIdentity",



"tag:GetResources",



"tag:GetTagKeys",



"ec2:DescribeAvailabilityZones"



],



"Resource": "*"



}



]



}

In this example, from the complete list of permissions you need to select

  • "apigateway:GET" for Amazon API Gateway
  • "cloudwatch:GetMetricData", "cloudwatch:GetMetricStatistics", "cloudwatch:ListMetrics", "sts:GetCallerIdentity", "tag:GetResources", "tag:GetTagKeys", and "ec2:DescribeAvailabilityZones" for All AWS cloud services.

AWS endpoints that need to be reachable from ActiveGate with corresponding AWS services

Endpoint Service
autoscaling.<REGION>.amazonaws.com Amazon EC2 Auto Scaling (built-in), Amazon EC2 Auto Scaling
lambda.<REGION>.amazonaws.com AWS Lambda (built-in), AWS Lambda
elasticloadbalancing.<REGION>.amazonaws.com Amazon Application and Network Load Balancer (built-in), Amazon Elastic Load Balancer (ELB) (built-in)
dynamodb.<REGION>.amazonaws.com Amazon DynamoDB (built-in), Amazon DynamoDB
ec2.<REGION>.amazonaws.com Amazon EBS (built-in), Amazon EC2 (built-in), Amazon EBS, Amazon EC2 Spot Fleet, Amazon VPC NAT Gateways, AWS Transit Gateway, AWS Site-to-Site VPN
rds.<REGION>.amazonaws.com Amazon RDS (built-in), Amazon Aurora, Amazon DocumentDB, Amazon Neptune, Amazon RDS
s3.<REGION>.amazonaws.com Amazon S3 (built-in)
acm-pca.<REGION>.amazonaws.com AWS Certificate Manager Private Certificate Authority
apigateway.<REGION>.amazonaws.com Amazon API Gateway
apprunner.<REGION>.amazonaws.com AWS App Runner
appstream2.<REGION>.amazonaws.com Amazon AppStream
appsync.<REGION>.amazonaws.com AWS AppSync
athena.<REGION>.amazonaws.com Amazon Athena
cloudfront.amazonaws.com Amazon CloudFront
cloudhsmv2.<REGION>.amazonaws.com AWS CloudHSM
cloudsearch.<REGION>.amazonaws.com Amazon CloudSearch
codebuild.<REGION>.amazonaws.com AWS CodeBuild
datasync.<REGION>.amazonaws.com AWS DataSync
dax.<REGION>.amazonaws.com Amazon DynamoDB Accelerator (DAX)
dms.<REGION>.amazonaws.com AWS Database Migration Service (AWS DMS)
directconnect.<REGION>.amazonaws.com AWS Direct Connect
ecs.<REGION>.amazonaws.com Amazon Elastic Container Service (ECS), Amazon ECS Container Insights
elasticfilesystem.<REGION>.amazonaws.com Amazon Elastic File System (EFS)
eks.<REGION>.amazonaws.com Amazon Elastic Kubernetes Service (EKS)
elasticache.<REGION>.amazonaws.com Amazon ElastiCache (EC)
elasticbeanstalk.<REGION>.amazonaws.com AWS Elastic Beanstalk
elastictranscoder.<REGION>.amazonaws.com Amazon Elastic Transcoder
es.<REGION>.amazonaws.com Amazon Elasticsearch Service (ES)
events.<REGION>.amazonaws.com Amazon EventBridge
fsx.<REGION>.amazonaws.com Amazon FSx
gamelift.<REGION>.amazonaws.com Amazon GameLift
glue.<REGION>.amazonaws.com AWS Glue
inspector.<REGION>.amazonaws.com Amazon Inspector
kafka.<REGION>.amazonaws.com Amazon Managed Streaming for Kafka
models.lex.<REGION>.amazonaws.com Amazon Lex
logs.<REGION>.amazonaws.com Amazon CloudWatch Logs
api.mediatailor.<REGION>.amazonaws.com AWS Elemental MediaTailor
mediaconnect.<REGION>.amazonaws.com AWS Elemental MediaConnect
mediapackage.<REGION>.amazonaws.com AWS Elemental MediaPackage Live
mediapackage-vod.<REGION>.amazonaws.com AWS Elemental MediaPackage Video on Demand
opsworks.<REGION>.amazonaws.com AWS OpsWorks
qldb.<REGION>.amazonaws.com Amazon QLDB
redshift.<REGION>.amazonaws.com Amazon Redshift
robomaker.<REGION>.amazonaws.com AWS RoboMaker
route53.amazonaws.com Amazon Route 53
route53resolver.<REGION>.amazonaws.com Amazon Route 53 Resolver
api.sagemaker.<REGION>.amazonaws.com Amazon SageMaker Endpoints, Amazon SageMaker Endpoint Instances
sns.<REGION>.amazonaws.com Amazon Simple Notification Service (SNS)
sqs.<REGION>.amazonaws.com Amazon Simple Queue Service (SQS)
storagegateway.<REGION>.amazonaws.com AWS Storage Gateway
swf.<REGION>.amazonaws.com Amazon SWF
transfer.<REGION>.amazonaws.com AWS Transfer Family
workmail.<REGION>.amazonaws.com Amazon WorkMail
workspaces.<REGION>.amazonaws.com Amazon WorkSpaces

Enable monitoring

To learn how to enable service monitoring, see Enable service monitoring.

View service metrics

You can view the service metrics in your Dynatrace environment either on the custom device overview page or on your Dashboards page.

View metrics on the custom device overview page

To access the custom device overview page

  1. Go to Technologies Technologies & Processes Classic.
  2. Filter by service name and select the relevant custom device group.
  3. Once you select the custom device group, you're on the custom device group overview page.
  4. The custom device group overview page lists all instances (custom devices) belonging to the group. Select an instance to view the custom device overview page.

View metrics on your dashboard

You can also view metrics in the Dynatrace web UI on dashboards. There is no preset dashboard available for this service, but you can create your own dashboard.

To check the availability of preset dashboards for each AWS service, see the list below.

Preset dashboard availability list

AWS service Preset dashboard
Amazon EC2 Auto Scaling (built-in) Not applicable
AWS Lambda (built-in) Not applicable
Amazon Application and Network Load Balancer (built-in) Not applicable
Amazon DynamoDB (built-in) Not applicable
Amazon EBS (built-in) Not applicable
Amazon EC2 (built-in) Not applicable
Amazon Elastic Load Balancer (ELB) (built-in) Not applicable
Amazon RDS (built-in) Not applicable
Amazon S3 (built-in) Not applicable
AWS Certificate Manager Private Certificate Authority Not applicable
All monitored Amazon services Not applicable
Amazon API Gateway Not applicable
AWS App Runner Not applicable
Amazon AppStream Applicable
AWS AppSync Applicable
Amazon Athena Applicable
Amazon Aurora Not applicable
Amazon EC2 Auto Scaling Applicable
AWS Billing Applicable
Amazon Keyspaces Applicable
AWS Chatbot Applicable
Amazon CloudFront Not applicable
AWS CloudHSM Applicable
Amazon CloudSearch Applicable
AWS CodeBuild Applicable
Amazon Cognito Not applicable
Amazon Connect Applicable
AWS DataSync Applicable
Amazon DynamoDB Accelerator (DAX) Applicable
AWS Database Migration Service (AWS DMS) Applicable
Amazon DocumentDB Applicable
AWS Direct Connect Applicable
Amazon DynamoDB Not applicable
Amazon EBS Not applicable
Amazon EC2 Spot Fleet Not applicable
Amazon EC2 API Applicable
Amazon Elastic Container Service (ECS) Not applicable
Amazon ECS Container Insights Applicable
Amazon Elastic File System (EFS) Not applicable
Amazon Elastic Kubernetes Service (EKS) Applicable
Amazon ElastiCache (EC) Not applicable
AWS Elastic Beanstalk Applicable
Amazon Elastic Inference Applicable
Amazon Elastic Transcoder Applicable
Amazon Elastic Map Reduce (EMR) Not applicable
Amazon Elasticsearch Service (ES) Not applicable
Amazon EventBridge Applicable
Amazon FSx Applicable
Amazon GameLift Applicable
AWS Glue Not applicable
Amazon Inspector Applicable
AWS Internet of Things (IoT) Not applicable
AWS IoT Things Graph Applicable
AWS IoT Analytics Applicable
Amazon Managed Streaming for Kafka Applicable
Amazon Kinesis Data Analytics Not applicable
Amazon Data Firehose Not applicable
Amazon Kinesis Data Streams Not applicable
Amazon Kinesis Video Streams Not applicable
AWS Lambda Not applicable
Amazon Lex Applicable
Amazon CloudWatch Logs Applicable
AWS Elemental MediaTailor Applicable
AWS Elemental MediaConnect Applicable
AWS Elemental MediaConvert Applicable
AWS Elemental MediaPackage Live Applicable
AWS Elemental MediaPackage Video on Demand Applicable
Amazon MQ Applicable
Amazon VPC NAT Gateways Not applicable
Amazon Neptune Applicable
AWS OpsWorks Applicable
Amazon Polly Applicable
Amazon QLDB Applicable
Amazon RDS Not applicable
Amazon Redshift Not applicable
Amazon Rekognition Applicable
AWS RoboMaker Applicable
Amazon Route 53 Applicable
Amazon Route 53 Resolver Applicable
Amazon S3 Not applicable
Amazon SageMaker Batch Transform Jobs Not applicable
Amazon SageMaker Endpoints Not applicable
Amazon SageMaker Endpoint Instances Not applicable
Amazon SageMaker Ground Truth Not applicable
Amazon SageMaker Processing Jobs Not applicable
Amazon SageMaker Training Jobs Not applicable
AWS Service Catalog Applicable
Amazon Simple Email Service (SES) Not applicable
Amazon Simple Notification Service (SNS) Not applicable
Amazon Simple Queue Service (SQS) Not applicable
AWS Systems Manager - Run Command Applicable
AWS Step Functions Applicable
AWS Storage Gateway Applicable
Amazon SWF Applicable
Amazon Textract Applicable
AWS Transfer Family Applicable
AWS Transit Gateway Applicable
Amazon Translate Applicable
AWS Trusted Advisor Applicable
AWS API Usage Applicable
AWS Site-to-Site VPN Applicable
AWS WAF Classic Applicable
AWS WAF Applicable
Amazon WorkMail Applicable
Amazon WorkSpaces Applicable

Available metrics

This service monitors a part of Amazon DynamoDB (AWS/DynamoDB). While you have this service configured, you can't have Amazon Dynamo Database (built-in) service turned on.

TableName is the main dimension.

Name Description Dimensions Unit Recommended
ConsumedReadCapacityUnits The number of read capacity units consumed over the specified time period for both provisioned and on-demand capacity, so you can track how much of your throughput is used. TableName Count Applicable
ConsumedReadCapacityUnits The number of read capacity units consumed over the specified time period for both provisioned and on-demand capacity, so you can track how much of your throughput is used. TableName, GlobalSecondaryIndexName Count
MaxProvisionedTableReadCapacityUtilization The percentage of provisioned read capacity utilized by the highest provisioned read table or global secondary index of an account. Region Percent
SuccessfulRequestLatency The latency of successful requests to DynamoDB or Amazon DynamoDB Streams during the specified time period. TableName, Operation Milliseconds Applicable
ReturnedItemCount The number of items returned by Query, Scan or ExecuteStatement (select) operations during the specified time period. TableName, Operation Count Applicable
AccountProvisionedReadCapacityUtilization The percentage of provisioned read capacity units utilized by an account. Region Percent
MaxProvisionedTableWriteCapacityUtilization The percentage of provisioned write capacity utilized by the highest provisioned write table or global secondary index of an account. Region Percent
AccountMaxTableLevelWrites The maximum number of write capacity units that can be used by a table or global secondary index of an account. Region Count
AccountMaxReads The maximum number of read capacity units that can be used by an account. Region Count
ConsumedWriteCapacityUnits The number of write capacity units consumed over the specified time period for both provisioned and on-demand capacity, so you can track how much of your throughput is used. TableName Count Applicable
ConsumedWriteCapacityUnits The number of write capacity units consumed over the specified time period for both provisioned and on-demand capacity, so you can track how much of your throughput is used. TableName, GlobalSecondaryIndexName Count
AccountMaxTableLevelReads The maximum number of read capacity units that can be used by a table or global secondary index of an account. Region Count
ProvisionedReadCapacityUnits The number of provisioned read capacity units for a table or a global secondary index. TableName Count Applicable
ProvisionedReadCapacityUnits The number of provisioned read capacity units for a table or a global secondary index. TableName, GlobalSecondaryIndexName Count
ProvisionedWriteCapacityUnits The number of provisioned write capacity units for a table or a global secondary index. TableName Count Applicable
ProvisionedWriteCapacityUnits The number of provisioned write capacity units for a table or a global secondary index. TableName, GlobalSecondaryIndexName Count
AccountProvisionedWriteCapacityUtilization The percentage of provisioned write capacity units utilized by an account. Region Percent
AccountMaxWrites The maximum number of write capacity units that can be used by an account. Region Count
AgeOfOldestUnreplicatedRecord The elapsed time since a record yet to be replicated to the Kinesis data stream first appeared in the DynamoDB table. TableName, DelegatedOperation Milliseconds
ConditionalCheckFailedRequests The number of failed attempts to perform conditional writes. TableName Count Applicable
ConsumedChangeDataCaptureUnits TableName, DelegatedOperation Count
FailedToReplicateRecordCount The number of records that DynamoDB failed to replicate to your Kinesis data stream. TableName, DelegatedOperation Count
OnlineIndexConsumedWriteCapacity The number of write capacity units consumed when adding a new global secondary index to a table. TableName Count
OnlineIndexConsumedWriteCapacity The number of write capacity units consumed when adding a new global secondary index to a table. TableName, GlobalSecondaryIndexName Count
OnlineIndexPercentageProgress The percentage of completion when a new global secondary index is being added to a table. TableName Count
OnlineIndexPercentageProgress The percentage of completion when a new global secondary index is being added to a table. TableName, GlobalSecondaryIndexName Count
OnlineIndexThrottleEvents The number of write throttle events that occur when adding a new global secondary index to a table. TableName Count
OnlineIndexThrottleEvents The number of write throttle events that occur when adding a new global secondary index to a table. TableName, GlobalSecondaryIndexName Count
PendingReplicationCount The number of item updates that are written to one replica table, but that have not yet been written to another replica in the global table. TableName, ReceivingRegion Count
ReadThrottleEvents Requests to DynamoDB that exceed the provisioned read capacity units for a table or a global secondary index. TableName Count Applicable
ReadThrottleEvents Requests to DynamoDB that exceed the provisioned read capacity units for a table or a global secondary index. TableName, GlobalSecondaryIndexName Count
ReplicationLatency The elapsed time between an updated item appearing in the DynamoDB stream for one replica table, and that item appearing in another replica in the global table. TableName, ReceivingRegion Milliseconds
ReturnedBytes The number of bytes returned by GetRecords operations (Amazon DynamoDB Streams) during the specified time period. TableName, Operation, StreamLabel Bytes
ReturnedRecordsCount The number of stream records returned by GetRecords operations (Amazon DynamoDB Streams) during the specified time period. TableName, Operation, StreamLabel Count
SystemErrors The requests to DynamoDB or Amazon DynamoDB Streams that generate an HTTP 500 status code during the specified time period. TableName, Operation Count Applicable
TimeToLiveDeletedItemCount The number of items deleted by Time to Live (TTL) during the specified time period. TableName Count
ThrottledPutRecordCount The number of records that were throttled by your Kinesis data stream due to insufficient Kinesis Data Streams capacity. TableName, DelegatedOperation Count
ThrottledRequests Requests to DynamoDB that exceed the provisioned throughput limits on a resource (such as a table or an index). TableName, Operation Count Applicable
TransactionConflict Rejected item-level requests due to transactional conflicts between concurrent requests on the same items. TableName Count Applicable
UserErrors Requests to DynamoDB or Amazon DynamoDB Streams that generate an HTTP 400 status code during the specified time period. Region Count Applicable
WriteThrottleEvents Requests to DynamoDB that exceed the provisioned write capacity units for a table or a global secondary index. TableName Count Applicable
WriteThrottleEvents Requests to DynamoDB that exceed the provisioned write capacity units for a table or a global secondary index. TableName, GlobalSecondaryIndexName Count

Source: aws-service-ebs-new.md


title: Amazon EBS (Elastic Block Store) monitoring source: https://www.dynatrace.com/docs/ingest-from/amazon-web-services/integrate-with-aws/aws-all-services/aws-service-ebs-new scraped: 2026-02-16T21:32:45.009195


Amazon EBS (Elastic Block Store) monitoring

Amazon EBS (Elastic Block Store) monitoring

  • How-to guide
  • 4-min read
  • Updated on Apr 08, 2025

For information about differences between classic services and other services, see Migrate from AWS classic (formerly 'built-in') services to cloud services.

Dynatrace ingests metrics for multiple preselected namespaces, including Amazon EBS. You can view metrics for each service instance, split metrics into multiple dimensions, and create custom charts that you can pin to your dashboards.

Prerequisites

To enable monitoring for this service, you need

  • ActiveGate version 1.197+

  • For Dynatrace SaaS deployments, you need an Environment ActiveGate or a Multi-environment ActiveGate.

For role-based access in SaaS deployment, you need an Environment ActiveGate installed on an Amazon EC2 host.

To update the AWS IAM policy, use the JSON below, containing the monitoring policy (permissions) for all supporting services.

JSON predefined policy for all supporting services

{



"Version": "2012-10-17",



"Statement": [



{



"Sid": "VisualEditor0",



"Effect": "Allow",



"Action": [



"acm-pca:ListCertificateAuthorities",



"apigateway:GET",



"apprunner:ListServices",



"appstream:DescribeFleets",



"appsync:ListGraphqlApis",



"athena:ListWorkGroups",



"autoscaling:DescribeAutoScalingGroups",



"cloudformation:ListStackResources",



"cloudfront:ListDistributions",



"cloudhsm:DescribeClusters",



"cloudsearch:DescribeDomains",



"cloudwatch:GetMetricData",



"cloudwatch:GetMetricStatistics",



"cloudwatch:ListMetrics",



"codebuild:ListProjects",



"datasync:ListTasks",



"dax:DescribeClusters",



"directconnect:DescribeConnections",



"dms:DescribeReplicationInstances",



"dynamodb:ListTables",



"dynamodb:ListTagsOfResource",



"ec2:DescribeAvailabilityZones",



"ec2:DescribeInstances",



"ec2:DescribeNatGateways",



"ec2:DescribeSpotFleetRequests",



"ec2:DescribeTransitGateways",



"ec2:DescribeVolumes",



"ec2:DescribeVpnConnections",



"ecs:ListClusters",



"eks:ListClusters",



"elasticache:DescribeCacheClusters",



"elasticbeanstalk:DescribeEnvironmentResources",



"elasticbeanstalk:DescribeEnvironments",



"elasticfilesystem:DescribeFileSystems",



"elasticloadbalancing:DescribeInstanceHealth",



"elasticloadbalancing:DescribeListeners",



"elasticloadbalancing:DescribeLoadBalancers",



"elasticloadbalancing:DescribeRules",



"elasticloadbalancing:DescribeTags",



"elasticloadbalancing:DescribeTargetHealth",



"elasticmapreduce:ListClusters",



"elastictranscoder:ListPipelines",



"es:ListDomainNames",



"events:ListEventBuses",



"firehose:ListDeliveryStreams",



"fsx:DescribeFileSystems",



"gamelift:ListFleets",



"glue:GetJobs",



"inspector:ListAssessmentTemplates",



"kafka:ListClusters",



"kinesis:ListStreams",



"kinesisanalytics:ListApplications",



"kinesisvideo:ListStreams",



"lambda:ListFunctions",



"lambda:ListTags",



"lex:GetBots",



"logs:DescribeLogGroups",



"mediaconnect:ListFlows",



"mediaconvert:DescribeEndpoints",



"mediapackage-vod:ListPackagingConfigurations",



"mediapackage:ListChannels",



"mediatailor:ListPlaybackConfigurations",



"opsworks:DescribeStacks",



"qldb:ListLedgers",



"rds:DescribeDBClusters",



"rds:DescribeDBInstances",



"rds:DescribeEvents",



"rds:ListTagsForResource",



"redshift:DescribeClusters",



"robomaker:ListSimulationJobs",



"route53:ListHostedZones",



"route53resolver:ListResolverEndpoints",



"s3:ListAllMyBuckets",



"sagemaker:ListEndpoints",



"sns:ListTopics",



"sqs:ListQueues",



"storagegateway:ListGateways",



"sts:GetCallerIdentity",



"swf:ListDomains",



"tag:GetResources",



"tag:GetTagKeys",



"transfer:ListServers",



"workmail:ListOrganizations",



"workspaces:DescribeWorkspaces"



],



"Resource": "*"



}



]



}

If you don't want to add permissions to all services, and just select permissions for certain services, consult the table below. The table contains a set of permissions that are required for All AWS cloud services and, for each supporting service, a list of optional permissions specific to that service.

Permissions required for AWS monitoring integration:

  • "cloudwatch:GetMetricData"
  • "cloudwatch:GetMetricStatistics"
  • "cloudwatch:ListMetrics"
  • "sts:GetCallerIdentity"
  • "tag:GetResources"
  • "tag:GetTagKeys"
  • "ec2:DescribeAvailabilityZones"

Complete list of permissions for cloud services

Name Permissions
All monitored Amazon services Required cloudwatch:GetMetricData, cloudwatch:GetMetricStatistics, cloudwatch:ListMetrics, sts:GetCallerIdentity, tag:GetResources, tag:GetTagKeys, ec2:DescribeAvailabilityZones
AWS Certificate Manager Private Certificate Authority acm-pca:ListCertificateAuthorities
Amazon MQ
Amazon API Gateway apigateway:GET
AWS App Runner apprunner:ListServices
Amazon AppStream appstream:DescribeFleets
AWS AppSync appsync:ListGraphqlApis
Amazon Athena athena:ListWorkGroups
Amazon Aurora rds:DescribeDBClusters
Amazon EC2 Auto Scaling autoscaling:DescribeAutoScalingGroups
Amazon EC2 Auto Scaling (built-in) autoscaling:DescribeAutoScalingGroups
AWS Billing
Amazon Keyspaces
AWS Chatbot
Amazon CloudFront cloudfront:ListDistributions
AWS CloudHSM cloudhsm:DescribeClusters
Amazon CloudSearch cloudsearch:DescribeDomains
AWS CodeBuild codebuild:ListProjects
Amazon Cognito
Amazon Connect
Amazon Elastic Kubernetes Service (EKS) eks:ListClusters
AWS DataSync datasync:ListTasks
Amazon DynamoDB Accelerator (DAX) dax:DescribeClusters
AWS Database Migration Service (AWS DMS) dms:DescribeReplicationInstances
Amazon DocumentDB rds:DescribeDBClusters
AWS Direct Connect directconnect:DescribeConnections
Amazon DynamoDB dynamodb:ListTables
Amazon DynamoDB (built-in) dynamodb:ListTables, dynamodb:ListTagsOfResource
Amazon EBS ec2:DescribeVolumes
Amazon EBS (built-in) ec2:DescribeVolumes
Amazon EC2 API
Amazon EC2 (built-in) ec2:DescribeInstances
Amazon EC2 Spot Fleet ec2:DescribeSpotFleetRequests
Amazon Elastic Container Service (ECS) ecs:ListClusters
Amazon ECS Container Insights ecs:ListClusters
Amazon ElastiCache (EC) elasticache:DescribeCacheClusters
AWS Elastic Beanstalk elasticbeanstalk:DescribeEnvironments
Amazon Elastic File System (EFS) elasticfilesystem:DescribeFileSystems
Amazon Elastic Inference
Amazon Elastic Map Reduce (EMR) elasticmapreduce:ListClusters
Amazon Elasticsearch Service (ES) es:ListDomainNames
Amazon Elastic Transcoder elastictranscoder:ListPipelines
Amazon Elastic Load Balancer (ELB) (built-in) elasticloadbalancing:DescribeInstanceHealth, elasticloadbalancing:DescribeListeners, elasticloadbalancing:DescribeLoadBalancers, elasticloadbalancing:DescribeRules, elasticloadbalancing:DescribeTags, elasticloadbalancing:DescribeTargetHealth
Amazon EventBridge events:ListEventBuses
Amazon FSx fsx:DescribeFileSystems
Amazon GameLift gamelift:ListFleets
AWS Glue glue:GetJobs
Amazon Inspector inspector:ListAssessmentTemplates
AWS Internet of Things (IoT)
AWS IoT Analytics
Amazon Managed Streaming for Kafka kafka:ListClusters
Amazon Kinesis Data Analytics kinesisanalytics:ListApplications
Amazon Data Firehose firehose:ListDeliveryStreams
Amazon Kinesis Data Streams kinesis:ListStreams
Amazon Kinesis Video Streams kinesisvideo:ListStreams
AWS Lambda lambda:ListFunctions
AWS Lambda (built-in) lambda:ListFunctions, lambda:ListTags
Amazon Lex lex:GetBots
Amazon Application and Network Load Balancer (built-in) elasticloadbalancing:DescribeInstanceHealth, elasticloadbalancing:DescribeListeners, elasticloadbalancing:DescribeLoadBalancers, elasticloadbalancing:DescribeRules, elasticloadbalancing:DescribeTags, elasticloadbalancing:DescribeTargetHealth
Amazon CloudWatch Logs logs:DescribeLogGroups
AWS Elemental MediaConnect mediaconnect:ListFlows
AWS Elemental MediaConvert mediaconvert:DescribeEndpoints
AWS Elemental MediaPackage Live mediapackage:ListChannels
AWS Elemental MediaPackage Video on Demand mediapackage-vod:ListPackagingConfigurations
AWS Elemental MediaTailor mediatailor:ListPlaybackConfigurations
Amazon VPC NAT Gateways ec2:DescribeNatGateways
Amazon Neptune rds:DescribeDBClusters
AWS OpsWorks opsworks:DescribeStacks
Amazon Polly
Amazon QLDB qldb:ListLedgers
Amazon RDS rds:DescribeDBInstances
Amazon RDS (built-in) rds:DescribeDBInstances, rds:DescribeEvents, rds:ListTagsForResource
Amazon Redshift redshift:DescribeClusters
Amazon Rekognition
AWS RoboMaker robomaker:ListSimulationJobs
Amazon Route 53 route53:ListHostedZones
Amazon Route 53 Resolver route53resolver:ListResolverEndpoints
Amazon S3 s3:ListAllMyBuckets
Amazon S3 (built-in) s3:ListAllMyBuckets
Amazon SageMaker Batch Transform Jobs
Amazon SageMaker Endpoint Instances sagemaker:ListEndpoints
Amazon SageMaker Endpoints sagemaker:ListEndpoints
Amazon SageMaker Ground Truth
Amazon SageMaker Processing Jobs
Amazon SageMaker Training Jobs
AWS Service Catalog
Amazon Simple Email Service (SES)
Amazon Simple Notification Service (SNS) sns:ListTopics
Amazon Simple Queue Service (SQS) sqs:ListQueues
AWS Systems Manager - Run Command
AWS Step Functions
AWS Storage Gateway storagegateway:ListGateways
Amazon SWF swf:ListDomains
Amazon Textract
AWS IoT Things Graph
AWS Transfer Family transfer:ListServers
AWS Transit Gateway ec2:DescribeTransitGateways
Amazon Translate
AWS Trusted Advisor
AWS API Usage
AWS Site-to-Site VPN ec2:DescribeVpnConnections
AWS WAF Classic
AWS WAF
Amazon WorkMail workmail:ListOrganizations
Amazon WorkSpaces workspaces:DescribeWorkspaces

Example of JSON policy for one single service.

JSON policy for Amazon API Gateway

{



"Version": "2012-10-17",



"Statement": [



{



"Sid": "VisualEditor0",



"Effect": "Allow",



"Action": [



"apigateway:GET",



"cloudwatch:GetMetricData",



"cloudwatch:GetMetricStatistics",



"cloudwatch:ListMetrics",



"sts:GetCallerIdentity",



"tag:GetResources",



"tag:GetTagKeys",



"ec2:DescribeAvailabilityZones"



],



"Resource": "*"



}



]



}

In this example, from the complete list of permissions you need to select

  • "apigateway:GET" for Amazon API Gateway
  • "cloudwatch:GetMetricData", "cloudwatch:GetMetricStatistics", "cloudwatch:ListMetrics", "sts:GetCallerIdentity", "tag:GetResources", "tag:GetTagKeys", and "ec2:DescribeAvailabilityZones" for All AWS cloud services.

AWS endpoints that need to be reachable from ActiveGate with corresponding AWS services

Endpoint Service
autoscaling.<REGION>.amazonaws.com Amazon EC2 Auto Scaling (built-in), Amazon EC2 Auto Scaling
lambda.<REGION>.amazonaws.com AWS Lambda (built-in), AWS Lambda
elasticloadbalancing.<REGION>.amazonaws.com Amazon Application and Network Load Balancer (built-in), Amazon Elastic Load Balancer (ELB) (built-in)
dynamodb.<REGION>.amazonaws.com Amazon DynamoDB (built-in), Amazon DynamoDB
ec2.<REGION>.amazonaws.com Amazon EBS (built-in), Amazon EC2 (built-in), Amazon EBS, Amazon EC2 Spot Fleet, Amazon VPC NAT Gateways, AWS Transit Gateway, AWS Site-to-Site VPN
rds.<REGION>.amazonaws.com Amazon RDS (built-in), Amazon Aurora, Amazon DocumentDB, Amazon Neptune, Amazon RDS
s3.<REGION>.amazonaws.com Amazon S3 (built-in)
acm-pca.<REGION>.amazonaws.com AWS Certificate Manager Private Certificate Authority
apigateway.<REGION>.amazonaws.com Amazon API Gateway
apprunner.<REGION>.amazonaws.com AWS App Runner
appstream2.<REGION>.amazonaws.com Amazon AppStream
appsync.<REGION>.amazonaws.com AWS AppSync
athena.<REGION>.amazonaws.com Amazon Athena
cloudfront.amazonaws.com Amazon CloudFront
cloudhsmv2.<REGION>.amazonaws.com AWS CloudHSM
cloudsearch.<REGION>.amazonaws.com Amazon CloudSearch
codebuild.<REGION>.amazonaws.com AWS CodeBuild
datasync.<REGION>.amazonaws.com AWS DataSync
dax.<REGION>.amazonaws.com Amazon DynamoDB Accelerator (DAX)
dms.<REGION>.amazonaws.com AWS Database Migration Service (AWS DMS)
directconnect.<REGION>.amazonaws.com AWS Direct Connect
ecs.<REGION>.amazonaws.com Amazon Elastic Container Service (ECS), Amazon ECS Container Insights
elasticfilesystem.<REGION>.amazonaws.com Amazon Elastic File System (EFS)
eks.<REGION>.amazonaws.com Amazon Elastic Kubernetes Service (EKS)
elasticache.<REGION>.amazonaws.com Amazon ElastiCache (EC)
elasticbeanstalk.<REGION>.amazonaws.com AWS Elastic Beanstalk
elastictranscoder.<REGION>.amazonaws.com Amazon Elastic Transcoder
es.<REGION>.amazonaws.com Amazon Elasticsearch Service (ES)
events.<REGION>.amazonaws.com Amazon EventBridge
fsx.<REGION>.amazonaws.com Amazon FSx
gamelift.<REGION>.amazonaws.com Amazon GameLift
glue.<REGION>.amazonaws.com AWS Glue
inspector.<REGION>.amazonaws.com Amazon Inspector
kafka.<REGION>.amazonaws.com Amazon Managed Streaming for Kafka
models.lex.<REGION>.amazonaws.com Amazon Lex
logs.<REGION>.amazonaws.com Amazon CloudWatch Logs
api.mediatailor.<REGION>.amazonaws.com AWS Elemental MediaTailor
mediaconnect.<REGION>.amazonaws.com AWS Elemental MediaConnect
mediapackage.<REGION>.amazonaws.com AWS Elemental MediaPackage Live
mediapackage-vod.<REGION>.amazonaws.com AWS Elemental MediaPackage Video on Demand
opsworks.<REGION>.amazonaws.com AWS OpsWorks
qldb.<REGION>.amazonaws.com Amazon QLDB
redshift.<REGION>.amazonaws.com Amazon Redshift
robomaker.<REGION>.amazonaws.com AWS RoboMaker
route53.amazonaws.com Amazon Route 53
route53resolver.<REGION>.amazonaws.com Amazon Route 53 Resolver
api.sagemaker.<REGION>.amazonaws.com Amazon SageMaker Endpoints, Amazon SageMaker Endpoint Instances
sns.<REGION>.amazonaws.com Amazon Simple Notification Service (SNS)
sqs.<REGION>.amazonaws.com Amazon Simple Queue Service (SQS)
storagegateway.<REGION>.amazonaws.com AWS Storage Gateway
swf.<REGION>.amazonaws.com Amazon SWF
transfer.<REGION>.amazonaws.com AWS Transfer Family
workmail.<REGION>.amazonaws.com Amazon WorkMail
workspaces.<REGION>.amazonaws.com Amazon WorkSpaces

Enable monitoring

To learn how to enable service monitoring, see Enable service monitoring.

View service metrics

You can view the service metrics in your Dynatrace environment either on the custom device overview page or on your Dashboards page.

View metrics on the custom device overview page

To access the custom device overview page

  1. Go to Technologies Technologies & Processes Classic.
  2. Filter by service name and select the relevant custom device group.
  3. Once you select the custom device group, you're on the custom device group overview page.
  4. The custom device group overview page lists all instances (custom devices) belonging to the group. Select an instance to view the custom device overview page.

View metrics on your dashboard

You can also view metrics in the Dynatrace web UI on dashboards. There is no preset dashboard available for this service, but you can create your own dashboard.

To check the availability of preset dashboards for each AWS service, see the list below.

Preset dashboard availability list

AWS service Preset dashboard
Amazon EC2 Auto Scaling (built-in) Not applicable
AWS Lambda (built-in) Not applicable
Amazon Application and Network Load Balancer (built-in) Not applicable
Amazon DynamoDB (built-in) Not applicable
Amazon EBS (built-in) Not applicable
Amazon EC2 (built-in) Not applicable
Amazon Elastic Load Balancer (ELB) (built-in) Not applicable
Amazon RDS (built-in) Not applicable
Amazon S3 (built-in) Not applicable
AWS Certificate Manager Private Certificate Authority Not applicable
All monitored Amazon services Not applicable
Amazon API Gateway Not applicable
AWS App Runner Not applicable
Amazon AppStream Applicable
AWS AppSync Applicable
Amazon Athena Applicable
Amazon Aurora Not applicable
Amazon EC2 Auto Scaling Applicable
AWS Billing Applicable
Amazon Keyspaces Applicable
AWS Chatbot Applicable
Amazon CloudFront Not applicable
AWS CloudHSM Applicable
Amazon CloudSearch Applicable
AWS CodeBuild Applicable
Amazon Cognito Not applicable
Amazon Connect Applicable
AWS DataSync Applicable
Amazon DynamoDB Accelerator (DAX) Applicable
AWS Database Migration Service (AWS DMS) Applicable
Amazon DocumentDB Applicable
AWS Direct Connect Applicable
Amazon DynamoDB Not applicable
Amazon EBS Not applicable
Amazon EC2 Spot Fleet Not applicable
Amazon EC2 API Applicable
Amazon Elastic Container Service (ECS) Not applicable
Amazon ECS Container Insights Applicable
Amazon Elastic File System (EFS) Not applicable
Amazon Elastic Kubernetes Service (EKS) Applicable
Amazon ElastiCache (EC) Not applicable
AWS Elastic Beanstalk Applicable
Amazon Elastic Inference Applicable
Amazon Elastic Transcoder Applicable
Amazon Elastic Map Reduce (EMR) Not applicable
Amazon Elasticsearch Service (ES) Not applicable
Amazon EventBridge Applicable
Amazon FSx Applicable
Amazon GameLift Applicable
AWS Glue Not applicable
Amazon Inspector Applicable
AWS Internet of Things (IoT) Not applicable
AWS IoT Things Graph Applicable
AWS IoT Analytics Applicable
Amazon Managed Streaming for Kafka Applicable
Amazon Kinesis Data Analytics Not applicable
Amazon Data Firehose Not applicable
Amazon Kinesis Data Streams Not applicable
Amazon Kinesis Video Streams Not applicable
AWS Lambda Not applicable
Amazon Lex Applicable
Amazon CloudWatch Logs Applicable
AWS Elemental MediaTailor Applicable
AWS Elemental MediaConnect Applicable
AWS Elemental MediaConvert Applicable
AWS Elemental MediaPackage Live Applicable
AWS Elemental MediaPackage Video on Demand Applicable
Amazon MQ Applicable
Amazon VPC NAT Gateways Not applicable
Amazon Neptune Applicable
AWS OpsWorks Applicable
Amazon Polly Applicable
Amazon QLDB Applicable
Amazon RDS Not applicable
Amazon Redshift Not applicable
Amazon Rekognition Applicable
AWS RoboMaker Applicable
Amazon Route 53 Applicable
Amazon Route 53 Resolver Applicable
Amazon S3 Not applicable
Amazon SageMaker Batch Transform Jobs Not applicable
Amazon SageMaker Endpoints Not applicable
Amazon SageMaker Endpoint Instances Not applicable
Amazon SageMaker Ground Truth Not applicable
Amazon SageMaker Processing Jobs Not applicable
Amazon SageMaker Training Jobs Not applicable
AWS Service Catalog Applicable
Amazon Simple Email Service (SES) Not applicable
Amazon Simple Notification Service (SNS) Not applicable
Amazon Simple Queue Service (SQS) Not applicable
AWS Systems Manager - Run Command Applicable
AWS Step Functions Applicable
AWS Storage Gateway Applicable
Amazon SWF Applicable
Amazon Textract Applicable
AWS Transfer Family Applicable
AWS Transit Gateway Applicable
Amazon Translate Applicable
AWS Trusted Advisor Applicable
AWS API Usage Applicable
AWS Site-to-Site VPN Applicable
AWS WAF Classic Applicable
AWS WAF Applicable
Amazon WorkMail Applicable
Amazon WorkSpaces Applicable

Available metrics

This service monitors a part of Amazon EBS (AWS/EBS). While you have this service configured, you can't have Amazon EBS (built-in) service turned on.

VolumeId is the main dimension.

Name Description Unit Statistics Dimensions Recommended
BurstBalance Provides information about the percentage of I/O credits (for gp2) or throughput credits (for st1 and sc1) remaining in the burst bucket. Percent Multi VolumeId
EBSByteBalance% Provides information about the percentage of throughput credits remaining in the burst bucket. Percent Multi VolumeId
EBSIOBalance% Provides information about the percentage of I/O credits remaining in the burst bucket. Percent Multi VolumeId
EBSReadBytes Bytes read from all EBS volumes attached to the instance in a specified period of time. Bytes Multi VolumeId
EBSReadOps Completed read operations from all Amazon EBS volumes attached to the instance in a specified period of time. Count Sum VolumeId
EBSWriteBytes Bytes written to all EBS volumes attached to the instance in a specified period of time. Bytes Multi VolumeId
EBSWriteOps Completed write operations to all EBS volumes attached to the instance in a specified period of time. Count Sum VolumeId
FastSnapshotRestoreCreditsBalance The number of volume create credits available. This metric is reported per snapshot per Availability Zone. None Multi AvailabilityZone, SnapshotId
FastSnapshotRestoreCreditsBucketSize The maximum number of volume create credits that can be accumulated. This metric is reported per snapshot per Availability Zone. None Multi AvailabilityZone, SnapshotId
VolumeConsumedReadWriteOps The total amount of read and write operations (normalized to 256K capacity units) consumed in a specified period of time. Count Sum VolumeId
VolumeIdleTime The total number of seconds in a specified period of time when no read or write operations were submitted. Seconds Multi VolumeId Applicable
VolumeQueueLength The number of read and write operation requests waiting to be completed in a specified period of time. Count Sum VolumeId Applicable
VolumeReadBytes Provides information on the read operations in a specified period of time. Bytes Count VolumeId
VolumeReadBytes Bytes Multi VolumeId
VolumeReadBytes Bytes Sum VolumeId Applicable
VolumeReadOps The total number of read operations in a specified period of time. Count Sum VolumeId Applicable
VolumeThroughputPercentage The percentage of I/O operations per second (IOPS) delivered of the total IOPS provisioned for an Amazon EBS volume. Percent Multi VolumeId
VolumeTotalReadTime The total number of seconds spent by all read operations that completed in a specified period of time. Seconds Multi VolumeId
VolumeTotalWriteTime The total number of seconds spent by all write operations that completed in a specified period of time. Seconds Multi VolumeId
VolumeWriteBytes Provides information on the write operations in a specified period of time. Bytes Count VolumeId
VolumeWriteBytes Bytes Multi VolumeId
VolumeWriteBytes Bytes Sum VolumeId Applicable
VolumeWriteOps The total number of write operations in a specified period of time. Count Sum VolumeId Applicable

Source: aws-service-elastic-inference.md


title: Amazon Elastic Inference monitoring source: https://www.dynatrace.com/docs/ingest-from/amazon-web-services/integrate-with-aws/aws-all-services/aws-service-elastic-inference scraped: 2026-02-16T21:21:43.616623


Amazon Elastic Inference monitoring

Amazon Elastic Inference monitoring

  • How-to guide
  • 2-min read
  • Published Jul 23, 2020

Dynatrace ingests metrics for multiple preselected namespaces, including Amazon Elastic Inference. You can view graphs per service instance, with a set of dimensions, and create custom graphs that you can pin to your dashboards.

Prerequisites

To enable monitoring for this service, you need

  • ActiveGate version 1.197+

  • For Dynatrace SaaS deployments, you need an Environment ActiveGate or a Multi-environment ActiveGate.

For role-based access in SaaS deployment, you need an Environment ActiveGate installed on an Amazon EC2 host.

To update the AWS IAM policy, use the JSON below, containing the monitoring policy (permissions) for all supporting services.

JSON predefined policy for all supporting services

{



"Version": "2012-10-17",



"Statement": [



{



"Sid": "VisualEditor0",



"Effect": "Allow",



"Action": [



"acm-pca:ListCertificateAuthorities",



"apigateway:GET",



"apprunner:ListServices",



"appstream:DescribeFleets",



"appsync:ListGraphqlApis",



"athena:ListWorkGroups",



"autoscaling:DescribeAutoScalingGroups",



"cloudformation:ListStackResources",



"cloudfront:ListDistributions",



"cloudhsm:DescribeClusters",



"cloudsearch:DescribeDomains",



"cloudwatch:GetMetricData",



"cloudwatch:GetMetricStatistics",



"cloudwatch:ListMetrics",



"codebuild:ListProjects",



"datasync:ListTasks",



"dax:DescribeClusters",



"directconnect:DescribeConnections",



"dms:DescribeReplicationInstances",



"dynamodb:ListTables",



"dynamodb:ListTagsOfResource",



"ec2:DescribeAvailabilityZones",



"ec2:DescribeInstances",



"ec2:DescribeNatGateways",



"ec2:DescribeSpotFleetRequests",



"ec2:DescribeTransitGateways",



"ec2:DescribeVolumes",



"ec2:DescribeVpnConnections",



"ecs:ListClusters",



"eks:ListClusters",



"elasticache:DescribeCacheClusters",



"elasticbeanstalk:DescribeEnvironmentResources",



"elasticbeanstalk:DescribeEnvironments",



"elasticfilesystem:DescribeFileSystems",



"elasticloadbalancing:DescribeInstanceHealth",



"elasticloadbalancing:DescribeListeners",



"elasticloadbalancing:DescribeLoadBalancers",



"elasticloadbalancing:DescribeRules",



"elasticloadbalancing:DescribeTags",



"elasticloadbalancing:DescribeTargetHealth",



"elasticmapreduce:ListClusters",



"elastictranscoder:ListPipelines",



"es:ListDomainNames",



"events:ListEventBuses",



"firehose:ListDeliveryStreams",



"fsx:DescribeFileSystems",



"gamelift:ListFleets",



"glue:GetJobs",



"inspector:ListAssessmentTemplates",



"kafka:ListClusters",



"kinesis:ListStreams",



"kinesisanalytics:ListApplications",



"kinesisvideo:ListStreams",



"lambda:ListFunctions",



"lambda:ListTags",



"lex:GetBots",



"logs:DescribeLogGroups",



"mediaconnect:ListFlows",



"mediaconvert:DescribeEndpoints",



"mediapackage-vod:ListPackagingConfigurations",



"mediapackage:ListChannels",



"mediatailor:ListPlaybackConfigurations",



"opsworks:DescribeStacks",



"qldb:ListLedgers",



"rds:DescribeDBClusters",



"rds:DescribeDBInstances",



"rds:DescribeEvents",



"rds:ListTagsForResource",



"redshift:DescribeClusters",



"robomaker:ListSimulationJobs",



"route53:ListHostedZones",



"route53resolver:ListResolverEndpoints",



"s3:ListAllMyBuckets",



"sagemaker:ListEndpoints",



"sns:ListTopics",



"sqs:ListQueues",



"storagegateway:ListGateways",



"sts:GetCallerIdentity",



"swf:ListDomains",



"tag:GetResources",



"tag:GetTagKeys",



"transfer:ListServers",



"workmail:ListOrganizations",



"workspaces:DescribeWorkspaces"



],



"Resource": "*"



}



]



}

If you don't want to add permissions to all services, and just select permissions for certain services, consult the table below. The table contains a set of permissions that are required for All AWS cloud services and, for each supporting service, a list of optional permissions specific to that service.

Permissions required for AWS monitoring integration:

  • "cloudwatch:GetMetricData"
  • "cloudwatch:GetMetricStatistics"
  • "cloudwatch:ListMetrics"
  • "sts:GetCallerIdentity"
  • "tag:GetResources"
  • "tag:GetTagKeys"
  • "ec2:DescribeAvailabilityZones"

Complete list of permissions for cloud services

Name Permissions
All monitored Amazon services Required cloudwatch:GetMetricData, cloudwatch:GetMetricStatistics, cloudwatch:ListMetrics, sts:GetCallerIdentity, tag:GetResources, tag:GetTagKeys, ec2:DescribeAvailabilityZones
AWS Certificate Manager Private Certificate Authority acm-pca:ListCertificateAuthorities
Amazon MQ
Amazon API Gateway apigateway:GET
AWS App Runner apprunner:ListServices
Amazon AppStream appstream:DescribeFleets
AWS AppSync appsync:ListGraphqlApis
Amazon Athena athena:ListWorkGroups
Amazon Aurora rds:DescribeDBClusters
Amazon EC2 Auto Scaling autoscaling:DescribeAutoScalingGroups
Amazon EC2 Auto Scaling (built-in) autoscaling:DescribeAutoScalingGroups
AWS Billing
Amazon Keyspaces
AWS Chatbot
Amazon CloudFront cloudfront:ListDistributions
AWS CloudHSM cloudhsm:DescribeClusters
Amazon CloudSearch cloudsearch:DescribeDomains
AWS CodeBuild codebuild:ListProjects
Amazon Cognito
Amazon Connect
Amazon Elastic Kubernetes Service (EKS) eks:ListClusters
AWS DataSync datasync:ListTasks
Amazon DynamoDB Accelerator (DAX) dax:DescribeClusters
AWS Database Migration Service (AWS DMS) dms:DescribeReplicationInstances
Amazon DocumentDB rds:DescribeDBClusters
AWS Direct Connect directconnect:DescribeConnections
Amazon DynamoDB dynamodb:ListTables
Amazon DynamoDB (built-in) dynamodb:ListTables, dynamodb:ListTagsOfResource
Amazon EBS ec2:DescribeVolumes
Amazon EBS (built-in) ec2:DescribeVolumes
Amazon EC2 API
Amazon EC2 (built-in) ec2:DescribeInstances
Amazon EC2 Spot Fleet ec2:DescribeSpotFleetRequests
Amazon Elastic Container Service (ECS) ecs:ListClusters
Amazon ECS Container Insights ecs:ListClusters
Amazon ElastiCache (EC) elasticache:DescribeCacheClusters
AWS Elastic Beanstalk elasticbeanstalk:DescribeEnvironments
Amazon Elastic File System (EFS) elasticfilesystem:DescribeFileSystems
Amazon Elastic Inference
Amazon Elastic Map Reduce (EMR) elasticmapreduce:ListClusters
Amazon Elasticsearch Service (ES) es:ListDomainNames
Amazon Elastic Transcoder elastictranscoder:ListPipelines
Amazon Elastic Load Balancer (ELB) (built-in) elasticloadbalancing:DescribeInstanceHealth, elasticloadbalancing:DescribeListeners, elasticloadbalancing:DescribeLoadBalancers, elasticloadbalancing:DescribeRules, elasticloadbalancing:DescribeTags, elasticloadbalancing:DescribeTargetHealth
Amazon EventBridge events:ListEventBuses
Amazon FSx fsx:DescribeFileSystems
Amazon GameLift gamelift:ListFleets
AWS Glue glue:GetJobs
Amazon Inspector inspector:ListAssessmentTemplates
AWS Internet of Things (IoT)
AWS IoT Analytics
Amazon Managed Streaming for Kafka kafka:ListClusters
Amazon Kinesis Data Analytics kinesisanalytics:ListApplications
Amazon Data Firehose firehose:ListDeliveryStreams
Amazon Kinesis Data Streams kinesis:ListStreams
Amazon Kinesis Video Streams kinesisvideo:ListStreams
AWS Lambda lambda:ListFunctions
AWS Lambda (built-in) lambda:ListFunctions, lambda:ListTags
Amazon Lex lex:GetBots
Amazon Application and Network Load Balancer (built-in) elasticloadbalancing:DescribeInstanceHealth, elasticloadbalancing:DescribeListeners, elasticloadbalancing:DescribeLoadBalancers, elasticloadbalancing:DescribeRules, elasticloadbalancing:DescribeTags, elasticloadbalancing:DescribeTargetHealth
Amazon CloudWatch Logs logs:DescribeLogGroups
AWS Elemental MediaConnect mediaconnect:ListFlows
AWS Elemental MediaConvert mediaconvert:DescribeEndpoints
AWS Elemental MediaPackage Live mediapackage:ListChannels
AWS Elemental MediaPackage Video on Demand mediapackage-vod:ListPackagingConfigurations
AWS Elemental MediaTailor mediatailor:ListPlaybackConfigurations
Amazon VPC NAT Gateways ec2:DescribeNatGateways
Amazon Neptune rds:DescribeDBClusters
AWS OpsWorks opsworks:DescribeStacks
Amazon Polly
Amazon QLDB qldb:ListLedgers
Amazon RDS rds:DescribeDBInstances
Amazon RDS (built-in) rds:DescribeDBInstances, rds:DescribeEvents, rds:ListTagsForResource
Amazon Redshift redshift:DescribeClusters
Amazon Rekognition
AWS RoboMaker robomaker:ListSimulationJobs
Amazon Route 53 route53:ListHostedZones
Amazon Route 53 Resolver route53resolver:ListResolverEndpoints
Amazon S3 s3:ListAllMyBuckets
Amazon S3 (built-in) s3:ListAllMyBuckets
Amazon SageMaker Batch Transform Jobs
Amazon SageMaker Endpoint Instances sagemaker:ListEndpoints
Amazon SageMaker Endpoints sagemaker:ListEndpoints
Amazon SageMaker Ground Truth
Amazon SageMaker Processing Jobs
Amazon SageMaker Training Jobs
AWS Service Catalog
Amazon Simple Email Service (SES)
Amazon Simple Notification Service (SNS) sns:ListTopics
Amazon Simple Queue Service (SQS) sqs:ListQueues
AWS Systems Manager - Run Command
AWS Step Functions
AWS Storage Gateway storagegateway:ListGateways
Amazon SWF swf:ListDomains
Amazon Textract
AWS IoT Things Graph
AWS Transfer Family transfer:ListServers
AWS Transit Gateway ec2:DescribeTransitGateways
Amazon Translate
AWS Trusted Advisor
AWS API Usage
AWS Site-to-Site VPN ec2:DescribeVpnConnections
AWS WAF Classic
AWS WAF
Amazon WorkMail workmail:ListOrganizations
Amazon WorkSpaces workspaces:DescribeWorkspaces

Example of JSON policy for one single service.

JSON policy for Amazon API Gateway

{



"Version": "2012-10-17",



"Statement": [



{



"Sid": "VisualEditor0",



"Effect": "Allow",



"Action": [



"apigateway:GET",



"cloudwatch:GetMetricData",



"cloudwatch:GetMetricStatistics",



"cloudwatch:ListMetrics",



"sts:GetCallerIdentity",



"tag:GetResources",



"tag:GetTagKeys",



"ec2:DescribeAvailabilityZones"



],



"Resource": "*"



}



]



}

In this example, from the complete list of permissions you need to select

  • "apigateway:GET" for Amazon API Gateway
  • "cloudwatch:GetMetricData", "cloudwatch:GetMetricStatistics", "cloudwatch:ListMetrics", "sts:GetCallerIdentity", "tag:GetResources", "tag:GetTagKeys", and "ec2:DescribeAvailabilityZones" for All AWS cloud services.

Enable monitoring

To learn how to enable service monitoring, see Enable service monitoring.

View service metrics

You can view the service metrics in your Dynatrace environment either on the custom device overview page or on your Dashboards page.

View metrics on the custom device overview page

To access the custom device overview page

  1. Go to Technologies Technologies & Processes Classic.
  2. Filter by service name and select the relevant custom device group.
  3. Once you select the custom device group, you're on the custom device group overview page.
  4. The custom device group overview page lists all instances (custom devices) belonging to the group. Select an instance to view the custom device overview page.

View metrics on your dashboard

After you add the service to monitoring, a preset dashboard containing all recommended metrics is automatically listed on your Dashboards page. To look for specific dashboards, filter by Preset and then by Name.

AWS presets

For existing monitored services, you might need to resave your credentials for the preset dashboard to appear on the Dashboards page. To resave your credentials, go to Settings > Cloud and virtualization > AWS, select the desired AWS instance, and then select Save.

You can't make changes on a preset dashboard directly, but you can clone and edit it. To clone a dashboard, open the browse menu (…) and select Clone.

To remove a dashboard from the dashboards page, you can hide it. To hide a dashboard, open the browse menu (…) and select Hide.

Hiding a dashboard doesn't affect other users.

Clone hide AWS

To check the availability of preset dashboards for each AWS service, see the list below.

Preset dashboard availability list

AWS service Preset dashboard
Amazon EC2 Auto Scaling (built-in) Not applicable
AWS Lambda (built-in) Not applicable
Amazon Application and Network Load Balancer (built-in) Not applicable
Amazon DynamoDB (built-in) Not applicable
Amazon EBS (built-in) Not applicable
Amazon EC2 (built-in) Not applicable
Amazon Elastic Load Balancer (ELB) (built-in) Not applicable
Amazon RDS (built-in) Not applicable
Amazon S3 (built-in) Not applicable
AWS Certificate Manager Private Certificate Authority Not applicable
All monitored Amazon services Not applicable
Amazon API Gateway Not applicable
AWS App Runner Not applicable
Amazon AppStream Applicable
AWS AppSync Applicable
Amazon Athena Applicable
Amazon Aurora Not applicable
Amazon EC2 Auto Scaling Applicable
AWS Billing Applicable
Amazon Keyspaces Applicable
AWS Chatbot Applicable
Amazon CloudFront Not applicable
AWS CloudHSM Applicable
Amazon CloudSearch Applicable
AWS CodeBuild Applicable
Amazon Cognito Not applicable
Amazon Connect Applicable
AWS DataSync Applicable
Amazon DynamoDB Accelerator (DAX) Applicable
AWS Database Migration Service (AWS DMS) Applicable
Amazon DocumentDB Applicable
AWS Direct Connect Applicable
Amazon DynamoDB Not applicable
Amazon EBS Not applicable
Amazon EC2 Spot Fleet Not applicable
Amazon EC2 API Applicable
Amazon Elastic Container Service (ECS) Not applicable
Amazon ECS Container Insights Applicable
Amazon Elastic File System (EFS) Not applicable
Amazon Elastic Kubernetes Service (EKS) Applicable
Amazon ElastiCache (EC) Not applicable
AWS Elastic Beanstalk Applicable
Amazon Elastic Inference Applicable
Amazon Elastic Transcoder Applicable
Amazon Elastic Map Reduce (EMR) Not applicable
Amazon Elasticsearch Service (ES) Not applicable
Amazon EventBridge Applicable
Amazon FSx Applicable
Amazon GameLift Applicable
AWS Glue Not applicable
Amazon Inspector Applicable
AWS Internet of Things (IoT) Not applicable
AWS IoT Things Graph Applicable
AWS IoT Analytics Applicable
Amazon Managed Streaming for Kafka Applicable
Amazon Kinesis Data Analytics Not applicable
Amazon Data Firehose Not applicable
Amazon Kinesis Data Streams Not applicable
Amazon Kinesis Video Streams Not applicable
AWS Lambda Not applicable
Amazon Lex Applicable
Amazon CloudWatch Logs Applicable
AWS Elemental MediaTailor Applicable
AWS Elemental MediaConnect Applicable
AWS Elemental MediaConvert Applicable
AWS Elemental MediaPackage Live Applicable
AWS Elemental MediaPackage Video on Demand Applicable
Amazon MQ Applicable
Amazon VPC NAT Gateways Not applicable
Amazon Neptune Applicable
AWS OpsWorks Applicable
Amazon Polly Applicable
Amazon QLDB Applicable
Amazon RDS Not applicable
Amazon Redshift Not applicable
Amazon Rekognition Applicable
AWS RoboMaker Applicable
Amazon Route 53 Applicable
Amazon Route 53 Resolver Applicable
Amazon S3 Not applicable
Amazon SageMaker Batch Transform Jobs Not applicable
Amazon SageMaker Endpoints Not applicable
Amazon SageMaker Endpoint Instances Not applicable
Amazon SageMaker Ground Truth Not applicable
Amazon SageMaker Processing Jobs Not applicable
Amazon SageMaker Training Jobs Not applicable
AWS Service Catalog Applicable
Amazon Simple Email Service (SES) Not applicable
Amazon Simple Notification Service (SNS) Not applicable
Amazon Simple Queue Service (SQS) Not applicable
AWS Systems Manager - Run Command Applicable
AWS Step Functions Applicable
AWS Storage Gateway Applicable
Amazon SWF Applicable
Amazon Textract Applicable
AWS Transfer Family Applicable
AWS Transit Gateway Applicable
Amazon Translate Applicable
AWS Trusted Advisor Applicable
AWS API Usage Applicable
AWS Site-to-Site VPN Applicable
AWS WAF Classic Applicable
AWS WAF Applicable
Amazon WorkMail Applicable
Amazon WorkSpaces Applicable

Elastic inference

Available metrics

About dimensions

  • ElasticInferenceAcceleratorId filters the data by the Elastic Inference accelerator.
  • InstanceId filters the data by instance to which the Elastic Inference accelerator is attached.

InstanceId is the main dimension.

Name Description Unit Statistics Dimensions Recommended
AcceleratorHealthCheckFailed Reports whether the Elastic Inference accelerator has passed a status health check in the last minute Count Sum InstanceId, ElasticInferenceAcceleratorId Applicable
AcceleratorHealthCheckFailed Count Multi InstanceId, ElasticInferenceAcceleratorId
AcceleratorInferenceWithClientErrorCount The number of inference requests reaching the Elastic Inference accelerator in the last minute that resulted in a 4xx error Count Sum InstanceId, ElasticInferenceAcceleratorId Applicable
AcceleratorInferenceWithClientErrorCount Count Multi InstanceId, ElasticInferenceAcceleratorId
AcceleratorInferenceWithServerErrorCount The number of inference requests reaching the Elastic Inference accelerator in the last minute that resulted in a 5xx error Count Sum InstanceId, ElasticInferenceAcceleratorId Applicable
AcceleratorInferenceWithServerErrorCount Count Multi InstanceId, ElasticInferenceAcceleratorId
AcceleratorMemoryUsage The memory of the Elastic Inference accelerator used in the last minute Bytes Multi InstanceId, ElasticInferenceAcceleratorId Applicable
AcceleratorSuccessfulInferenceCount The number of successful inference requests reaching the Elastic Inference accelerator in the last minute Count Sum InstanceId, ElasticInferenceAcceleratorId Applicable
AcceleratorSuccessfulInferenceCount Count Multi InstanceId, ElasticInferenceAcceleratorId
AcceleratorTotalInferenceCount The number of inference requests reaching the Elastic Inference accelerator in the last minute Count Sum InstanceId, ElasticInferenceAcceleratorId Applicable
AcceleratorTotalInferenceCount Count Multi InstanceId, ElasticInferenceAcceleratorId
AcceleratorUtilization The percentage of the Elastic Inference accelerator used for computation in the last minute Percent Multi InstanceId, ElasticInferenceAcceleratorId Applicable
ConnectivityCheckFailed Reports whether connectivity to the Elastic Inference accelerator is active or has failed in the last minute Count Sum InstanceId, ElasticInferenceAcceleratorId Applicable
ConnectivityCheckFailed Count Multi InstanceId, ElasticInferenceAcceleratorId

Source: aws-service-elastic-transcoder.md


title: Amazon Elastic Transcoder monitoring source: https://www.dynatrace.com/docs/ingest-from/amazon-web-services/integrate-with-aws/aws-all-services/aws-service-elastic-transcoder scraped: 2026-02-17T05:01:07.161008


Amazon Elastic Transcoder monitoring

Amazon Elastic Transcoder monitoring

  • How-to guide
  • 2-min read
  • Published Jul 21, 2020

Dynatrace ingests metrics for multiple preselected namespaces, including Amazon Elastic Transcoder. You can view graphs per service instance, with a set of dimensions, and create custom graphs that you can pin to your dashboards.

Prerequisites

To enable monitoring for this service, you need

  • ActiveGate version 1.197+

  • For Dynatrace SaaS deployments, you need an Environment ActiveGate or a Multi-environment ActiveGate.

For role-based access in SaaS deployment, you need an Environment ActiveGate installed on an Amazon EC2 host.

JSON predefined policy for all supporting services

{



"Version": "2012-10-17",



"Statement": [



{



"Sid": "VisualEditor0",



"Effect": "Allow",



"Action": [



"acm-pca:ListCertificateAuthorities",



"apigateway:GET",



"apprunner:ListServices",



"appstream:DescribeFleets",



"appsync:ListGraphqlApis",



"athena:ListWorkGroups",



"autoscaling:DescribeAutoScalingGroups",



"cloudformation:ListStackResources",



"cloudfront:ListDistributions",



"cloudhsm:DescribeClusters",



"cloudsearch:DescribeDomains",



"cloudwatch:GetMetricData",



"cloudwatch:GetMetricStatistics",



"cloudwatch:ListMetrics",



"codebuild:ListProjects",



"datasync:ListTasks",



"dax:DescribeClusters",



"directconnect:DescribeConnections",



"dms:DescribeReplicationInstances",



"dynamodb:ListTables",



"dynamodb:ListTagsOfResource",



"ec2:DescribeAvailabilityZones",



"ec2:DescribeInstances",



"ec2:DescribeNatGateways",



"ec2:DescribeSpotFleetRequests",



"ec2:DescribeTransitGateways",



"ec2:DescribeVolumes",



"ec2:DescribeVpnConnections",



"ecs:ListClusters",



"eks:ListClusters",



"elasticache:DescribeCacheClusters",



"elasticbeanstalk:DescribeEnvironmentResources",



"elasticbeanstalk:DescribeEnvironments",



"elasticfilesystem:DescribeFileSystems",



"elasticloadbalancing:DescribeInstanceHealth",



"elasticloadbalancing:DescribeListeners",



"elasticloadbalancing:DescribeLoadBalancers",



"elasticloadbalancing:DescribeRules",



"elasticloadbalancing:DescribeTags",



"elasticloadbalancing:DescribeTargetHealth",



"elasticmapreduce:ListClusters",



"elastictranscoder:ListPipelines",



"es:ListDomainNames",



"events:ListEventBuses",



"firehose:ListDeliveryStreams",



"fsx:DescribeFileSystems",



"gamelift:ListFleets",



"glue:GetJobs",



"inspector:ListAssessmentTemplates",



"kafka:ListClusters",



"kinesis:ListStreams",



"kinesisanalytics:ListApplications",



"kinesisvideo:ListStreams",



"lambda:ListFunctions",



"lambda:ListTags",



"lex:GetBots",



"logs:DescribeLogGroups",



"mediaconnect:ListFlows",



"mediaconvert:DescribeEndpoints",



"mediapackage-vod:ListPackagingConfigurations",



"mediapackage:ListChannels",



"mediatailor:ListPlaybackConfigurations",



"opsworks:DescribeStacks",



"qldb:ListLedgers",



"rds:DescribeDBClusters",



"rds:DescribeDBInstances",



"rds:DescribeEvents",



"rds:ListTagsForResource",



"redshift:DescribeClusters",



"robomaker:ListSimulationJobs",



"route53:ListHostedZones",



"route53resolver:ListResolverEndpoints",



"s3:ListAllMyBuckets",



"sagemaker:ListEndpoints",



"sns:ListTopics",



"sqs:ListQueues",



"storagegateway:ListGateways",



"sts:GetCallerIdentity",



"swf:ListDomains",



"tag:GetResources",



"tag:GetTagKeys",



"transfer:ListServers",



"workmail:ListOrganizations",



"workspaces:DescribeWorkspaces"



],



"Resource": "*"



}



]



}

If you don't want to add permissions to all services, and just select permissions for certain services, consult the table below. The table contains a set of permissions that are required for All AWS cloud services and, for each supporting service, a list of optional permissions specific to that service.

Permissions required for AWS monitoring integration:

  • "cloudwatch:GetMetricData"
  • "cloudwatch:GetMetricStatistics"
  • "cloudwatch:ListMetrics"
  • "sts:GetCallerIdentity"
  • "tag:GetResources"
  • "tag:GetTagKeys"
  • "ec2:DescribeAvailabilityZones"

Complete list of permissions for cloud services

Name Permissions
All monitored Amazon services Required cloudwatch:GetMetricData, cloudwatch:GetMetricStatistics, cloudwatch:ListMetrics, sts:GetCallerIdentity, tag:GetResources, tag:GetTagKeys, ec2:DescribeAvailabilityZones
AWS Certificate Manager Private Certificate Authority acm-pca:ListCertificateAuthorities
Amazon MQ
Amazon API Gateway apigateway:GET
AWS App Runner apprunner:ListServices
Amazon AppStream appstream:DescribeFleets
AWS AppSync appsync:ListGraphqlApis
Amazon Athena athena:ListWorkGroups
Amazon Aurora rds:DescribeDBClusters
Amazon EC2 Auto Scaling autoscaling:DescribeAutoScalingGroups
Amazon EC2 Auto Scaling (built-in) autoscaling:DescribeAutoScalingGroups
AWS Billing
Amazon Keyspaces
AWS Chatbot
Amazon CloudFront cloudfront:ListDistributions
AWS CloudHSM cloudhsm:DescribeClusters
Amazon CloudSearch cloudsearch:DescribeDomains
AWS CodeBuild codebuild:ListProjects
Amazon Cognito
Amazon Connect
Amazon Elastic Kubernetes Service (EKS) eks:ListClusters
AWS DataSync datasync:ListTasks
Amazon DynamoDB Accelerator (DAX) dax:DescribeClusters
AWS Database Migration Service (AWS DMS) dms:DescribeReplicationInstances
Amazon DocumentDB rds:DescribeDBClusters
AWS Direct Connect directconnect:DescribeConnections
Amazon DynamoDB dynamodb:ListTables
Amazon DynamoDB (built-in) dynamodb:ListTables, dynamodb:ListTagsOfResource
Amazon EBS ec2:DescribeVolumes
Amazon EBS (built-in) ec2:DescribeVolumes
Amazon EC2 API
Amazon EC2 (built-in) ec2:DescribeInstances
Amazon EC2 Spot Fleet ec2:DescribeSpotFleetRequests
Amazon Elastic Container Service (ECS) ecs:ListClusters
Amazon ECS Container Insights ecs:ListClusters
Amazon ElastiCache (EC) elasticache:DescribeCacheClusters
AWS Elastic Beanstalk elasticbeanstalk:DescribeEnvironments
Amazon Elastic File System (EFS) elasticfilesystem:DescribeFileSystems
Amazon Elastic Inference
Amazon Elastic Map Reduce (EMR) elasticmapreduce:ListClusters
Amazon Elasticsearch Service (ES) es:ListDomainNames
Amazon Elastic Transcoder elastictranscoder:ListPipelines
Amazon Elastic Load Balancer (ELB) (built-in) elasticloadbalancing:DescribeInstanceHealth, elasticloadbalancing:DescribeListeners, elasticloadbalancing:DescribeLoadBalancers, elasticloadbalancing:DescribeRules, elasticloadbalancing:DescribeTags, elasticloadbalancing:DescribeTargetHealth
Amazon EventBridge events:ListEventBuses
Amazon FSx fsx:DescribeFileSystems
Amazon GameLift gamelift:ListFleets
AWS Glue glue:GetJobs
Amazon Inspector inspector:ListAssessmentTemplates
AWS Internet of Things (IoT)
AWS IoT Analytics
Amazon Managed Streaming for Kafka kafka:ListClusters
Amazon Kinesis Data Analytics kinesisanalytics:ListApplications
Amazon Data Firehose firehose:ListDeliveryStreams
Amazon Kinesis Data Streams kinesis:ListStreams
Amazon Kinesis Video Streams kinesisvideo:ListStreams
AWS Lambda lambda:ListFunctions
AWS Lambda (built-in) lambda:ListFunctions, lambda:ListTags
Amazon Lex lex:GetBots
Amazon Application and Network Load Balancer (built-in) elasticloadbalancing:DescribeInstanceHealth, elasticloadbalancing:DescribeListeners, elasticloadbalancing:DescribeLoadBalancers, elasticloadbalancing:DescribeRules, elasticloadbalancing:DescribeTags, elasticloadbalancing:DescribeTargetHealth
Amazon CloudWatch Logs logs:DescribeLogGroups
AWS Elemental MediaConnect mediaconnect:ListFlows
AWS Elemental MediaConvert mediaconvert:DescribeEndpoints
AWS Elemental MediaPackage Live mediapackage:ListChannels
AWS Elemental MediaPackage Video on Demand mediapackage-vod:ListPackagingConfigurations
AWS Elemental MediaTailor mediatailor:ListPlaybackConfigurations
Amazon VPC NAT Gateways ec2:DescribeNatGateways
Amazon Neptune rds:DescribeDBClusters
AWS OpsWorks opsworks:DescribeStacks
Amazon Polly
Amazon QLDB qldb:ListLedgers
Amazon RDS rds:DescribeDBInstances
Amazon RDS (built-in) rds:DescribeDBInstances, rds:DescribeEvents, rds:ListTagsForResource
Amazon Redshift redshift:DescribeClusters
Amazon Rekognition
AWS RoboMaker robomaker:ListSimulationJobs
Amazon Route 53 route53:ListHostedZones
Amazon Route 53 Resolver route53resolver:ListResolverEndpoints
Amazon S3 s3:ListAllMyBuckets
Amazon S3 (built-in) s3:ListAllMyBuckets
Amazon SageMaker Batch Transform Jobs
Amazon SageMaker Endpoint Instances sagemaker:ListEndpoints
Amazon SageMaker Endpoints sagemaker:ListEndpoints
Amazon SageMaker Ground Truth
Amazon SageMaker Processing Jobs
Amazon SageMaker Training Jobs
AWS Service Catalog
Amazon Simple Email Service (SES)
Amazon Simple Notification Service (SNS) sns:ListTopics
Amazon Simple Queue Service (SQS) sqs:ListQueues
AWS Systems Manager - Run Command
AWS Step Functions
AWS Storage Gateway storagegateway:ListGateways
Amazon SWF swf:ListDomains
Amazon Textract
AWS IoT Things Graph
AWS Transfer Family transfer:ListServers
AWS Transit Gateway ec2:DescribeTransitGateways
Amazon Translate
AWS Trusted Advisor
AWS API Usage
AWS Site-to-Site VPN ec2:DescribeVpnConnections
AWS WAF Classic
AWS WAF
Amazon WorkMail workmail:ListOrganizations
Amazon WorkSpaces workspaces:DescribeWorkspaces

Example of JSON policy for one single service.

JSON policy for Amazon API Gateway

{



"Version": "2012-10-17",



"Statement": [



{



"Sid": "VisualEditor0",



"Effect": "Allow",



"Action": [



"apigateway:GET",



"cloudwatch:GetMetricData",



"cloudwatch:GetMetricStatistics",



"cloudwatch:ListMetrics",



"sts:GetCallerIdentity",



"tag:GetResources",



"tag:GetTagKeys",



"ec2:DescribeAvailabilityZones"



],



"Resource": "*"



}



]



}

In this example, from the complete list of permissions you need to select

  • "apigateway:GET" for Amazon API Gateway
  • "cloudwatch:GetMetricData", "cloudwatch:GetMetricStatistics", "cloudwatch:ListMetrics", "sts:GetCallerIdentity", "tag:GetResources", "tag:GetTagKeys", and "ec2:DescribeAvailabilityZones" for All AWS cloud services.

AWS endpoints that need to be reachable from ActiveGate with corresponding AWS services

Endpoint Service
autoscaling.<REGION>.amazonaws.com Amazon EC2 Auto Scaling (built-in), Amazon EC2 Auto Scaling
lambda.<REGION>.amazonaws.com AWS Lambda (built-in), AWS Lambda
elasticloadbalancing.<REGION>.amazonaws.com Amazon Application and Network Load Balancer (built-in), Amazon Elastic Load Balancer (ELB) (built-in)
dynamodb.<REGION>.amazonaws.com Amazon DynamoDB (built-in), Amazon DynamoDB
ec2.<REGION>.amazonaws.com Amazon EBS (built-in), Amazon EC2 (built-in), Amazon EBS, Amazon EC2 Spot Fleet, Amazon VPC NAT Gateways, AWS Transit Gateway, AWS Site-to-Site VPN
rds.<REGION>.amazonaws.com Amazon RDS (built-in), Amazon Aurora, Amazon DocumentDB, Amazon Neptune, Amazon RDS
s3.<REGION>.amazonaws.com Amazon S3 (built-in)
acm-pca.<REGION>.amazonaws.com AWS Certificate Manager Private Certificate Authority
apigateway.<REGION>.amazonaws.com Amazon API Gateway
apprunner.<REGION>.amazonaws.com AWS App Runner
appstream2.<REGION>.amazonaws.com Amazon AppStream
appsync.<REGION>.amazonaws.com AWS AppSync
athena.<REGION>.amazonaws.com Amazon Athena
cloudfront.amazonaws.com Amazon CloudFront
cloudhsmv2.<REGION>.amazonaws.com AWS CloudHSM
cloudsearch.<REGION>.amazonaws.com Amazon CloudSearch
codebuild.<REGION>.amazonaws.com AWS CodeBuild
datasync.<REGION>.amazonaws.com AWS DataSync
dax.<REGION>.amazonaws.com Amazon DynamoDB Accelerator (DAX)
dms.<REGION>.amazonaws.com AWS Database Migration Service (AWS DMS)
directconnect.<REGION>.amazonaws.com AWS Direct Connect
ecs.<REGION>.amazonaws.com Amazon Elastic Container Service (ECS), Amazon ECS Container Insights
elasticfilesystem.<REGION>.amazonaws.com Amazon Elastic File System (EFS)
eks.<REGION>.amazonaws.com Amazon Elastic Kubernetes Service (EKS)
elasticache.<REGION>.amazonaws.com Amazon ElastiCache (EC)
elasticbeanstalk.<REGION>.amazonaws.com AWS Elastic Beanstalk
elastictranscoder.<REGION>.amazonaws.com Amazon Elastic Transcoder
es.<REGION>.amazonaws.com Amazon Elasticsearch Service (ES)
events.<REGION>.amazonaws.com Amazon EventBridge
fsx.<REGION>.amazonaws.com Amazon FSx
gamelift.<REGION>.amazonaws.com Amazon GameLift
glue.<REGION>.amazonaws.com AWS Glue
inspector.<REGION>.amazonaws.com Amazon Inspector
kafka.<REGION>.amazonaws.com Amazon Managed Streaming for Kafka
models.lex.<REGION>.amazonaws.com Amazon Lex
logs.<REGION>.amazonaws.com Amazon CloudWatch Logs
api.mediatailor.<REGION>.amazonaws.com AWS Elemental MediaTailor
mediaconnect.<REGION>.amazonaws.com AWS Elemental MediaConnect
mediapackage.<REGION>.amazonaws.com AWS Elemental MediaPackage Live
mediapackage-vod.<REGION>.amazonaws.com AWS Elemental MediaPackage Video on Demand
opsworks.<REGION>.amazonaws.com AWS OpsWorks
qldb.<REGION>.amazonaws.com Amazon QLDB
redshift.<REGION>.amazonaws.com Amazon Redshift
robomaker.<REGION>.amazonaws.com AWS RoboMaker
route53.amazonaws.com Amazon Route 53
route53resolver.<REGION>.amazonaws.com Amazon Route 53 Resolver
api.sagemaker.<REGION>.amazonaws.com Amazon SageMaker Endpoints, Amazon SageMaker Endpoint Instances
sns.<REGION>.amazonaws.com Amazon Simple Notification Service (SNS)
sqs.<REGION>.amazonaws.com Amazon Simple Queue Service (SQS)
storagegateway.<REGION>.amazonaws.com AWS Storage Gateway
swf.<REGION>.amazonaws.com Amazon SWF
transfer.<REGION>.amazonaws.com AWS Transfer Family
workmail.<REGION>.amazonaws.com Amazon WorkMail
workspaces.<REGION>.amazonaws.com Amazon WorkSpaces

Enable monitoring

To learn how to enable service monitoring, see Enable service monitoring.

View service metrics

You can view the service metrics in your Dynatrace environment either on the custom device overview page or on your Dashboards page.

View metrics on the custom device overview page

To access the custom device overview page

  1. Go to Technologies Technologies & Processes Classic.
  2. Filter by service name and select the relevant custom device group.
  3. Once you select the custom device group, you're on the custom device group overview page.
  4. The custom device group overview page lists all instances (custom devices) belonging to the group. Select an instance to view the custom device overview page.

View metrics on your dashboard

After you add the service to monitoring, a preset dashboard containing all recommended metrics is automatically listed on your Dashboards page. To look for specific dashboards, filter by Preset and then by Name.

AWS presets

For existing monitored services, you might need to resave your credentials for the preset dashboard to appear on the Dashboards page. To resave your credentials, go to Settings > Cloud and virtualization > AWS, select the desired AWS instance, and then select Save.

You can't make changes on a preset dashboard directly, but you can clone and edit it. To clone a dashboard, open the browse menu (…) and select Clone.

To remove a dashboard from the dashboards page, you can hide it. To hide a dashboard, open the browse menu (…) and select Hide.

Hiding a dashboard doesn't affect other users.

Clone hide AWS

To check the availability of preset dashboards for each AWS service, see the list below.

Preset dashboard availability list

AWS service Preset dashboard
Amazon EC2 Auto Scaling (built-in) Not applicable
AWS Lambda (built-in) Not applicable
Amazon Application and Network Load Balancer (built-in) Not applicable
Amazon DynamoDB (built-in) Not applicable
Amazon EBS (built-in) Not applicable
Amazon EC2 (built-in) Not applicable
Amazon Elastic Load Balancer (ELB) (built-in) Not applicable
Amazon RDS (built-in) Not applicable
Amazon S3 (built-in) Not applicable
AWS Certificate Manager Private Certificate Authority Not applicable
All monitored Amazon services Not applicable
Amazon API Gateway Not applicable
AWS App Runner Not applicable
Amazon AppStream Applicable
AWS AppSync Applicable
Amazon Athena Applicable
Amazon Aurora Not applicable
Amazon EC2 Auto Scaling Applicable
AWS Billing Applicable
Amazon Keyspaces Applicable
AWS Chatbot Applicable
Amazon CloudFront Not applicable
AWS CloudHSM Applicable
Amazon CloudSearch Applicable
AWS CodeBuild Applicable
Amazon Cognito Not applicable
Amazon Connect Applicable
AWS DataSync Applicable
Amazon DynamoDB Accelerator (DAX) Applicable
AWS Database Migration Service (AWS DMS) Applicable
Amazon DocumentDB Applicable
AWS Direct Connect Applicable
Amazon DynamoDB Not applicable
Amazon EBS Not applicable
Amazon EC2 Spot Fleet Not applicable
Amazon EC2 API Applicable
Amazon Elastic Container Service (ECS) Not applicable
Amazon ECS Container Insights Applicable
Amazon Elastic File System (EFS) Not applicable
Amazon Elastic Kubernetes Service (EKS) Applicable
Amazon ElastiCache (EC) Not applicable
AWS Elastic Beanstalk Applicable
Amazon Elastic Inference Applicable
Amazon Elastic Transcoder Applicable
Amazon Elastic Map Reduce (EMR) Not applicable
Amazon Elasticsearch Service (ES) Not applicable
Amazon EventBridge Applicable
Amazon FSx Applicable
Amazon GameLift Applicable
AWS Glue Not applicable
Amazon Inspector Applicable
AWS Internet of Things (IoT) Not applicable
AWS IoT Things Graph Applicable
AWS IoT Analytics Applicable
Amazon Managed Streaming for Kafka Applicable
Amazon Kinesis Data Analytics Not applicable
Amazon Data Firehose Not applicable
Amazon Kinesis Data Streams Not applicable
Amazon Kinesis Video Streams Not applicable
AWS Lambda Not applicable
Amazon Lex Applicable
Amazon CloudWatch Logs Applicable
AWS Elemental MediaTailor Applicable
AWS Elemental MediaConnect Applicable
AWS Elemental MediaConvert Applicable
AWS Elemental MediaPackage Live Applicable
AWS Elemental MediaPackage Video on Demand Applicable
Amazon MQ Applicable
Amazon VPC NAT Gateways Not applicable
Amazon Neptune Applicable
AWS OpsWorks Applicable
Amazon Polly Applicable
Amazon QLDB Applicable
Amazon RDS Not applicable
Amazon Redshift Not applicable
Amazon Rekognition Applicable
AWS RoboMaker Applicable
Amazon Route 53 Applicable
Amazon Route 53 Resolver Applicable
Amazon S3 Not applicable
Amazon SageMaker Batch Transform Jobs Not applicable
Amazon SageMaker Endpoints Not applicable
Amazon SageMaker Endpoint Instances Not applicable
Amazon SageMaker Ground Truth Not applicable
Amazon SageMaker Processing Jobs Not applicable
Amazon SageMaker Training Jobs Not applicable
AWS Service Catalog Applicable
Amazon Simple Email Service (SES) Not applicable
Amazon Simple Notification Service (SNS) Not applicable
Amazon Simple Queue Service (SQS) Not applicable
AWS Systems Manager - Run Command Applicable
AWS Step Functions Applicable
AWS Storage Gateway Applicable
Amazon SWF Applicable
Amazon Textract Applicable
AWS Transfer Family Applicable
AWS Transit Gateway Applicable
Amazon Translate Applicable
AWS Trusted Advisor Applicable
AWS API Usage Applicable
AWS Site-to-Site VPN Applicable
AWS WAF Classic Applicable
AWS WAF Applicable
Amazon WorkMail Applicable
Amazon WorkSpaces Applicable

Transcoder dash

Available metrics

PipelineId is the main dimension.

Name Description Unit Statistics Dimensions Recommended
BilledAudioOutput The number of billable seconds of audio output for a pipeline Seconds Multi PipelineId
BilledAudioOutput The number of billable seconds of HD output for a pipeline Seconds Sum PipelineId Applicable
BilledHDOutput The number of billable seconds of SD output for a pipeline Seconds Multi PipelineId
BilledHDOutput Seconds Sum PipelineId Applicable
BilledSDOutput The number of billable seconds of SD output for a pipeline. Seconds Multi PipelineId
BilledSDOutput Seconds Sum PipelineId Applicable
Errors The number of errors caused by invalid operation parameters, such as a request for a job status that does not include the job ID Count Sum Region, Operation Applicable
JobsCompleted The number of jobs completed by this pipeline Count Sum PipelineId Applicable
JobsErrored The number of jobs that failed because of invalid inputs, such as a request to transcode a file that is not in the given input bucket Count Sum PipelineId Applicable
OutputsPerJob The number of outputs Elastic Transcoder created for a job Count Sum PipelineId Applicable
StandbyTime The number of seconds before Elastic Transcoder started transcoding a job Seconds Multi PipelineId Applicable
Throttles The number of times that Elastic Transcoder automatically throttled an operation Count Sum Region, Operation Applicable

Limitations

Amazon Elastic Transcoder doesn't support tagging.


Source: aws-service-elemental-mediaconnect.md


title: AWS Elemental MediaConnect monitoring source: https://www.dynatrace.com/docs/ingest-from/amazon-web-services/integrate-with-aws/aws-all-services/aws-service-elemental-mediaconnect scraped: 2026-02-16T09:29:47.069289


AWS Elemental MediaConnect monitoring

AWS Elemental MediaConnect monitoring

  • How-to guide
  • 14-min read
  • Published Jul 06, 2020

Dynatrace ingests metrics for multiple preselected namespaces, including AWS Elemental MediaConnect. You can view metrics for each service instance, split metrics into multiple dimensions, and create custom charts that you can pin to your dashboards.

Prerequisites

To enable monitoring for this service, you need

  • ActiveGate version 1.197+

  • For Dynatrace SaaS deployments, you need an Environment ActiveGate or a Multi-environment ActiveGate.

For role-based access in SaaS deployment, you need an Environment ActiveGate installed on an Amazon EC2 host.

To update the AWS IAM policy, use the JSON below, containing the monitoring policy (permissions) for all supporting services.

JSON predefined policy for all supporting services

{



"Version": "2012-10-17",



"Statement": [



{



"Sid": "VisualEditor0",



"Effect": "Allow",



"Action": [



"acm-pca:ListCertificateAuthorities",



"apigateway:GET",



"apprunner:ListServices",



"appstream:DescribeFleets",



"appsync:ListGraphqlApis",



"athena:ListWorkGroups",



"autoscaling:DescribeAutoScalingGroups",



"cloudformation:ListStackResources",



"cloudfront:ListDistributions",



"cloudhsm:DescribeClusters",



"cloudsearch:DescribeDomains",



"cloudwatch:GetMetricData",



"cloudwatch:GetMetricStatistics",



"cloudwatch:ListMetrics",



"codebuild:ListProjects",



"datasync:ListTasks",



"dax:DescribeClusters",



"directconnect:DescribeConnections",



"dms:DescribeReplicationInstances",



"dynamodb:ListTables",



"dynamodb:ListTagsOfResource",



"ec2:DescribeAvailabilityZones",



"ec2:DescribeInstances",



"ec2:DescribeNatGateways",



"ec2:DescribeSpotFleetRequests",



"ec2:DescribeTransitGateways",



"ec2:DescribeVolumes",



"ec2:DescribeVpnConnections",



"ecs:ListClusters",



"eks:ListClusters",



"elasticache:DescribeCacheClusters",



"elasticbeanstalk:DescribeEnvironmentResources",



"elasticbeanstalk:DescribeEnvironments",



"elasticfilesystem:DescribeFileSystems",



"elasticloadbalancing:DescribeInstanceHealth",



"elasticloadbalancing:DescribeListeners",



"elasticloadbalancing:DescribeLoadBalancers",



"elasticloadbalancing:DescribeRules",



"elasticloadbalancing:DescribeTags",



"elasticloadbalancing:DescribeTargetHealth",



"elasticmapreduce:ListClusters",



"elastictranscoder:ListPipelines",



"es:ListDomainNames",



"events:ListEventBuses",



"firehose:ListDeliveryStreams",



"fsx:DescribeFileSystems",



"gamelift:ListFleets",



"glue:GetJobs",



"inspector:ListAssessmentTemplates",



"kafka:ListClusters",



"kinesis:ListStreams",



"kinesisanalytics:ListApplications",



"kinesisvideo:ListStreams",



"lambda:ListFunctions",



"lambda:ListTags",



"lex:GetBots",



"logs:DescribeLogGroups",



"mediaconnect:ListFlows",



"mediaconvert:DescribeEndpoints",



"mediapackage-vod:ListPackagingConfigurations",



"mediapackage:ListChannels",



"mediatailor:ListPlaybackConfigurations",



"opsworks:DescribeStacks",



"qldb:ListLedgers",



"rds:DescribeDBClusters",



"rds:DescribeDBInstances",



"rds:DescribeEvents",



"rds:ListTagsForResource",



"redshift:DescribeClusters",



"robomaker:ListSimulationJobs",



"route53:ListHostedZones",



"route53resolver:ListResolverEndpoints",



"s3:ListAllMyBuckets",



"sagemaker:ListEndpoints",



"sns:ListTopics",



"sqs:ListQueues",



"storagegateway:ListGateways",



"sts:GetCallerIdentity",



"swf:ListDomains",



"tag:GetResources",



"tag:GetTagKeys",



"transfer:ListServers",



"workmail:ListOrganizations",



"workspaces:DescribeWorkspaces"



],



"Resource": "*"



}



]



}

If you don't want to add permissions to all services, and just select permissions for certain services, consult the table below. The table contains a set of permissions that are required for All AWS cloud services and, for each supporting service, a list of optional permissions specific to that service.

Permissions required for AWS monitoring integration:

  • "cloudwatch:GetMetricData"
  • "cloudwatch:GetMetricStatistics"
  • "cloudwatch:ListMetrics"
  • "sts:GetCallerIdentity"
  • "tag:GetResources"
  • "tag:GetTagKeys"
  • "ec2:DescribeAvailabilityZones"

Complete list of permissions for cloud services

Name Permissions
All monitored Amazon services Required cloudwatch:GetMetricData, cloudwatch:GetMetricStatistics, cloudwatch:ListMetrics, sts:GetCallerIdentity, tag:GetResources, tag:GetTagKeys, ec2:DescribeAvailabilityZones
AWS Certificate Manager Private Certificate Authority acm-pca:ListCertificateAuthorities
Amazon MQ
Amazon API Gateway apigateway:GET
AWS App Runner apprunner:ListServices
Amazon AppStream appstream:DescribeFleets
AWS AppSync appsync:ListGraphqlApis
Amazon Athena athena:ListWorkGroups
Amazon Aurora rds:DescribeDBClusters
Amazon EC2 Auto Scaling autoscaling:DescribeAutoScalingGroups
Amazon EC2 Auto Scaling (built-in) autoscaling:DescribeAutoScalingGroups
AWS Billing
Amazon Keyspaces
AWS Chatbot
Amazon CloudFront cloudfront:ListDistributions
AWS CloudHSM cloudhsm:DescribeClusters
Amazon CloudSearch cloudsearch:DescribeDomains
AWS CodeBuild codebuild:ListProjects
Amazon Cognito
Amazon Connect
Amazon Elastic Kubernetes Service (EKS) eks:ListClusters
AWS DataSync datasync:ListTasks
Amazon DynamoDB Accelerator (DAX) dax:DescribeClusters
AWS Database Migration Service (AWS DMS) dms:DescribeReplicationInstances
Amazon DocumentDB rds:DescribeDBClusters
AWS Direct Connect directconnect:DescribeConnections
Amazon DynamoDB dynamodb:ListTables
Amazon DynamoDB (built-in) dynamodb:ListTables, dynamodb:ListTagsOfResource
Amazon EBS ec2:DescribeVolumes
Amazon EBS (built-in) ec2:DescribeVolumes
Amazon EC2 API
Amazon EC2 (built-in) ec2:DescribeInstances
Amazon EC2 Spot Fleet ec2:DescribeSpotFleetRequests
Amazon Elastic Container Service (ECS) ecs:ListClusters
Amazon ECS Container Insights ecs:ListClusters
Amazon ElastiCache (EC) elasticache:DescribeCacheClusters
AWS Elastic Beanstalk elasticbeanstalk:DescribeEnvironments
Amazon Elastic File System (EFS) elasticfilesystem:DescribeFileSystems
Amazon Elastic Inference
Amazon Elastic Map Reduce (EMR) elasticmapreduce:ListClusters
Amazon Elasticsearch Service (ES) es:ListDomainNames
Amazon Elastic Transcoder elastictranscoder:ListPipelines
Amazon Elastic Load Balancer (ELB) (built-in) elasticloadbalancing:DescribeInstanceHealth, elasticloadbalancing:DescribeListeners, elasticloadbalancing:DescribeLoadBalancers, elasticloadbalancing:DescribeRules, elasticloadbalancing:DescribeTags, elasticloadbalancing:DescribeTargetHealth
Amazon EventBridge events:ListEventBuses
Amazon FSx fsx:DescribeFileSystems
Amazon GameLift gamelift:ListFleets
AWS Glue glue:GetJobs
Amazon Inspector inspector:ListAssessmentTemplates
AWS Internet of Things (IoT)
AWS IoT Analytics
Amazon Managed Streaming for Kafka kafka:ListClusters
Amazon Kinesis Data Analytics kinesisanalytics:ListApplications
Amazon Data Firehose firehose:ListDeliveryStreams
Amazon Kinesis Data Streams kinesis:ListStreams
Amazon Kinesis Video Streams kinesisvideo:ListStreams
AWS Lambda lambda:ListFunctions
AWS Lambda (built-in) lambda:ListFunctions, lambda:ListTags
Amazon Lex lex:GetBots
Amazon Application and Network Load Balancer (built-in) elasticloadbalancing:DescribeInstanceHealth, elasticloadbalancing:DescribeListeners, elasticloadbalancing:DescribeLoadBalancers, elasticloadbalancing:DescribeRules, elasticloadbalancing:DescribeTags, elasticloadbalancing:DescribeTargetHealth
Amazon CloudWatch Logs logs:DescribeLogGroups
AWS Elemental MediaConnect mediaconnect:ListFlows
AWS Elemental MediaConvert mediaconvert:DescribeEndpoints
AWS Elemental MediaPackage Live mediapackage:ListChannels
AWS Elemental MediaPackage Video on Demand mediapackage-vod:ListPackagingConfigurations
AWS Elemental MediaTailor mediatailor:ListPlaybackConfigurations
Amazon VPC NAT Gateways ec2:DescribeNatGateways
Amazon Neptune rds:DescribeDBClusters
AWS OpsWorks opsworks:DescribeStacks
Amazon Polly
Amazon QLDB qldb:ListLedgers
Amazon RDS rds:DescribeDBInstances
Amazon RDS (built-in) rds:DescribeDBInstances, rds:DescribeEvents, rds:ListTagsForResource
Amazon Redshift redshift:DescribeClusters
Amazon Rekognition
AWS RoboMaker robomaker:ListSimulationJobs
Amazon Route 53 route53:ListHostedZones
Amazon Route 53 Resolver route53resolver:ListResolverEndpoints
Amazon S3 s3:ListAllMyBuckets
Amazon S3 (built-in) s3:ListAllMyBuckets
Amazon SageMaker Batch Transform Jobs
Amazon SageMaker Endpoint Instances sagemaker:ListEndpoints
Amazon SageMaker Endpoints sagemaker:ListEndpoints
Amazon SageMaker Ground Truth
Amazon SageMaker Processing Jobs
Amazon SageMaker Training Jobs
AWS Service Catalog
Amazon Simple Email Service (SES)
Amazon Simple Notification Service (SNS) sns:ListTopics
Amazon Simple Queue Service (SQS) sqs:ListQueues
AWS Systems Manager - Run Command
AWS Step Functions
AWS Storage Gateway storagegateway:ListGateways
Amazon SWF swf:ListDomains
Amazon Textract
AWS IoT Things Graph
AWS Transfer Family transfer:ListServers
AWS Transit Gateway ec2:DescribeTransitGateways
Amazon Translate
AWS Trusted Advisor
AWS API Usage
AWS Site-to-Site VPN ec2:DescribeVpnConnections
AWS WAF Classic
AWS WAF
Amazon WorkMail workmail:ListOrganizations
Amazon WorkSpaces workspaces:DescribeWorkspaces

Example of JSON policy for one single service.

JSON policy for Amazon API Gateway

{



"Version": "2012-10-17",



"Statement": [



{



"Sid": "VisualEditor0",



"Effect": "Allow",



"Action": [



"apigateway:GET",



"cloudwatch:GetMetricData",



"cloudwatch:GetMetricStatistics",



"cloudwatch:ListMetrics",



"sts:GetCallerIdentity",



"tag:GetResources",



"tag:GetTagKeys",



"ec2:DescribeAvailabilityZones"



],



"Resource": "*"



}



]



}

In this example, from the complete list of permissions you need to select

  • "apigateway:GET" for Amazon API Gateway
  • "cloudwatch:GetMetricData", "cloudwatch:GetMetricStatistics", "cloudwatch:ListMetrics", "sts:GetCallerIdentity", "tag:GetResources", "tag:GetTagKeys", and "ec2:DescribeAvailabilityZones" for All AWS cloud services.

AWS endpoints that need to be reachable from ActiveGate with corresponding AWS services

Endpoint Service
autoscaling.<REGION>.amazonaws.com Amazon EC2 Auto Scaling (built-in), Amazon EC2 Auto Scaling
lambda.<REGION>.amazonaws.com AWS Lambda (built-in), AWS Lambda
elasticloadbalancing.<REGION>.amazonaws.com Amazon Application and Network Load Balancer (built-in), Amazon Elastic Load Balancer (ELB) (built-in)
dynamodb.<REGION>.amazonaws.com Amazon DynamoDB (built-in), Amazon DynamoDB
ec2.<REGION>.amazonaws.com Amazon EBS (built-in), Amazon EC2 (built-in), Amazon EBS, Amazon EC2 Spot Fleet, Amazon VPC NAT Gateways, AWS Transit Gateway, AWS Site-to-Site VPN
rds.<REGION>.amazonaws.com Amazon RDS (built-in), Amazon Aurora, Amazon DocumentDB, Amazon Neptune, Amazon RDS
s3.<REGION>.amazonaws.com Amazon S3 (built-in)
acm-pca.<REGION>.amazonaws.com AWS Certificate Manager Private Certificate Authority
apigateway.<REGION>.amazonaws.com Amazon API Gateway
apprunner.<REGION>.amazonaws.com AWS App Runner
appstream2.<REGION>.amazonaws.com Amazon AppStream
appsync.<REGION>.amazonaws.com AWS AppSync
athena.<REGION>.amazonaws.com Amazon Athena
cloudfront.amazonaws.com Amazon CloudFront
cloudhsmv2.<REGION>.amazonaws.com AWS CloudHSM
cloudsearch.<REGION>.amazonaws.com Amazon CloudSearch
codebuild.<REGION>.amazonaws.com AWS CodeBuild
datasync.<REGION>.amazonaws.com AWS DataSync
dax.<REGION>.amazonaws.com Amazon DynamoDB Accelerator (DAX)
dms.<REGION>.amazonaws.com AWS Database Migration Service (AWS DMS)
directconnect.<REGION>.amazonaws.com AWS Direct Connect
ecs.<REGION>.amazonaws.com Amazon Elastic Container Service (ECS), Amazon ECS Container Insights
elasticfilesystem.<REGION>.amazonaws.com Amazon Elastic File System (EFS)
eks.<REGION>.amazonaws.com Amazon Elastic Kubernetes Service (EKS)
elasticache.<REGION>.amazonaws.com Amazon ElastiCache (EC)
elasticbeanstalk.<REGION>.amazonaws.com AWS Elastic Beanstalk
elastictranscoder.<REGION>.amazonaws.com Amazon Elastic Transcoder
es.<REGION>.amazonaws.com Amazon Elasticsearch Service (ES)
events.<REGION>.amazonaws.com Amazon EventBridge
fsx.<REGION>.amazonaws.com Amazon FSx
gamelift.<REGION>.amazonaws.com Amazon GameLift
glue.<REGION>.amazonaws.com AWS Glue
inspector.<REGION>.amazonaws.com Amazon Inspector
kafka.<REGION>.amazonaws.com Amazon Managed Streaming for Kafka
models.lex.<REGION>.amazonaws.com Amazon Lex
logs.<REGION>.amazonaws.com Amazon CloudWatch Logs
api.mediatailor.<REGION>.amazonaws.com AWS Elemental MediaTailor
mediaconnect.<REGION>.amazonaws.com AWS Elemental MediaConnect
mediapackage.<REGION>.amazonaws.com AWS Elemental MediaPackage Live
mediapackage-vod.<REGION>.amazonaws.com AWS Elemental MediaPackage Video on Demand
opsworks.<REGION>.amazonaws.com AWS OpsWorks
qldb.<REGION>.amazonaws.com Amazon QLDB
redshift.<REGION>.amazonaws.com Amazon Redshift
robomaker.<REGION>.amazonaws.com AWS RoboMaker
route53.amazonaws.com Amazon Route 53
route53resolver.<REGION>.amazonaws.com Amazon Route 53 Resolver
api.sagemaker.<REGION>.amazonaws.com Amazon SageMaker Endpoints, Amazon SageMaker Endpoint Instances
sns.<REGION>.amazonaws.com Amazon Simple Notification Service (SNS)
sqs.<REGION>.amazonaws.com Amazon Simple Queue Service (SQS)
storagegateway.<REGION>.amazonaws.com AWS Storage Gateway
swf.<REGION>.amazonaws.com Amazon SWF
transfer.<REGION>.amazonaws.com AWS Transfer Family
workmail.<REGION>.amazonaws.com Amazon WorkMail
workspaces.<REGION>.amazonaws.com Amazon WorkSpaces

Enable monitoring

To learn how to enable service monitoring, see Enable service monitoring.

View service metrics

You can view the service metrics in your Dynatrace environment either on the custom device overview page or on your Dashboards page.

View metrics on the custom device overview page

To access the custom device overview page

  1. Go to Technologies Technologies & Processes Classic.
  2. Filter by service name and select the relevant custom device group.
  3. Once you select the custom device group, you're on the custom device group overview page.
  4. The custom device group overview page lists all instances (custom devices) belonging to the group. Select an instance to view the custom device overview page.

View metrics on your dashboard

After you add the service to monitoring, a preset dashboard containing all recommended metrics is automatically listed on your Dashboards page. To look for specific dashboards, filter by Preset and then by Name.

AWS presets

For existing monitored services, you might need to resave your credentials for the preset dashboard to appear on the Dashboards page. To resave your credentials, go to Settings > Cloud and virtualization > AWS, select the desired AWS instance, and then select Save.

You can't make changes on a preset dashboard directly, but you can clone and edit it. To clone a dashboard, open the browse menu (…) and select Clone.

To remove a dashboard from the dashboards page, you can hide it. To hide a dashboard, open the browse menu (…) and select Hide.

Hiding a dashboard doesn't affect other users.

Clone hide AWS

To check the availability of preset dashboards for each AWS service, see the list below.

Preset dashboard availability list

AWS service Preset dashboard
Amazon EC2 Auto Scaling (built-in) Not applicable
AWS Lambda (built-in) Not applicable
Amazon Application and Network Load Balancer (built-in) Not applicable
Amazon DynamoDB (built-in) Not applicable
Amazon EBS (built-in) Not applicable
Amazon EC2 (built-in) Not applicable
Amazon Elastic Load Balancer (ELB) (built-in) Not applicable
Amazon RDS (built-in) Not applicable
Amazon S3 (built-in) Not applicable
AWS Certificate Manager Private Certificate Authority Not applicable
All monitored Amazon services Not applicable
Amazon API Gateway Not applicable
AWS App Runner Not applicable
Amazon AppStream Applicable
AWS AppSync Applicable
Amazon Athena Applicable
Amazon Aurora Not applicable
Amazon EC2 Auto Scaling Applicable
AWS Billing Applicable
Amazon Keyspaces Applicable
AWS Chatbot Applicable
Amazon CloudFront Not applicable
AWS CloudHSM Applicable
Amazon CloudSearch Applicable
AWS CodeBuild Applicable
Amazon Cognito Not applicable
Amazon Connect Applicable
AWS DataSync Applicable
Amazon DynamoDB Accelerator (DAX) Applicable
AWS Database Migration Service (AWS DMS) Applicable
Amazon DocumentDB Applicable
AWS Direct Connect Applicable
Amazon DynamoDB Not applicable
Amazon EBS Not applicable
Amazon EC2 Spot Fleet Not applicable
Amazon EC2 API Applicable
Amazon Elastic Container Service (ECS) Not applicable
Amazon ECS Container Insights Applicable
Amazon Elastic File System (EFS) Not applicable
Amazon Elastic Kubernetes Service (EKS) Applicable
Amazon ElastiCache (EC) Not applicable
AWS Elastic Beanstalk Applicable
Amazon Elastic Inference Applicable
Amazon Elastic Transcoder Applicable
Amazon Elastic Map Reduce (EMR) Not applicable
Amazon Elasticsearch Service (ES) Not applicable
Amazon EventBridge Applicable
Amazon FSx Applicable
Amazon GameLift Applicable
AWS Glue Not applicable
Amazon Inspector Applicable
AWS Internet of Things (IoT) Not applicable
AWS IoT Things Graph Applicable
AWS IoT Analytics Applicable
Amazon Managed Streaming for Kafka Applicable
Amazon Kinesis Data Analytics Not applicable
Amazon Data Firehose Not applicable
Amazon Kinesis Data Streams Not applicable
Amazon Kinesis Video Streams Not applicable
AWS Lambda Not applicable
Amazon Lex Applicable
Amazon CloudWatch Logs Applicable
AWS Elemental MediaTailor Applicable
AWS Elemental MediaConnect Applicable
AWS Elemental MediaConvert Applicable
AWS Elemental MediaPackage Live Applicable
AWS Elemental MediaPackage Video on Demand Applicable
Amazon MQ Applicable
Amazon VPC NAT Gateways Not applicable
Amazon Neptune Applicable
AWS OpsWorks Applicable
Amazon Polly Applicable
Amazon QLDB Applicable
Amazon RDS Not applicable
Amazon Redshift Not applicable
Amazon Rekognition Applicable
AWS RoboMaker Applicable
Amazon Route 53 Applicable
Amazon Route 53 Resolver Applicable
Amazon S3 Not applicable
Amazon SageMaker Batch Transform Jobs Not applicable
Amazon SageMaker Endpoints Not applicable
Amazon SageMaker Endpoint Instances Not applicable
Amazon SageMaker Ground Truth Not applicable
Amazon SageMaker Processing Jobs Not applicable
Amazon SageMaker Training Jobs Not applicable
AWS Service Catalog Applicable
Amazon Simple Email Service (SES) Not applicable
Amazon Simple Notification Service (SNS) Not applicable
Amazon Simple Queue Service (SQS) Not applicable
AWS Systems Manager - Run Command Applicable
AWS Step Functions Applicable
AWS Storage Gateway Applicable
Amazon SWF Applicable
Amazon Textract Applicable
AWS Transfer Family Applicable
AWS Transit Gateway Applicable
Amazon Translate Applicable
AWS Trusted Advisor Applicable
AWS API Usage Applicable
AWS Site-to-Site VPN Applicable
AWS WAF Classic Applicable
AWS WAF Applicable
Amazon WorkMail Applicable
Amazon WorkSpaces Applicable

Mediaconnect

Available metrics

FlowARN is the main dimension.

Name Description Unit Statistics Dimensions Recommended
ARQRecovered The number of dropped packets that were recovered by automatic repeat request (ARQ) Count Sum FlowARN Applicable
ARQRecovered Count Sum Region
ARQRecovered Count Sum Region, AvailabilityZone
ARQRequests The number of retransmitted packets that were requested through automatic repeat request (ARQ) and received Count Sum Region
ARQRequests Count Sum Region, AvailabilityZone
ARQRequests Count Sum FlowARN Applicable
BitRate Bits/Second Multi Region
BitRate Bits/Second Multi Region, AvailabilityZone
BitRate Bits/Second Multi FlowARN Applicable
CATError The number of times that a conditional access table (CAT) error occurred. This error indicates that the CAT is not present. Count Sum FlowARN
CATError Count Sum Region
CATError Count Sum Region, AvailabilityZone
CRCError Count Sum FlowARN
CRCError Count Sum Region
CRCError Count Sum Region, AvailabilityZone
Connected The status of the source. A value of one indicates that the source is connected and a value of zero indicates that the source is disconnected. None Multi FlowARN
Connected None Sum FlowARN
Connected None Multi Region
Connected None Multi Region, AvailabilityZone
Connected None Sum Region
Connected None Sum Region, AvailabilityZone
Connected None Count Region
Connected None Count Region, AvailabilityZone
ConnectedOutputs Count Sum Region
ConnectedOutputs Count Sum Region, AvailabilityZone
ConnectedOutputs Count Sum FlowARN
ContinuityCounter The number of times that a continuity error occurred Count Sum FlowARN
ContinuityCounter Count Sum Region
ContinuityCounter Count Sum Region, AvailabilityZone
Disconnections The number of times that the source status changed from connected to disconnected Count Sum Region
Disconnections Count Sum Region, AvailabilityZone
Disconnections Count Sum FlowARN
DroppedPackets The number of packets that were lost during transit Count Sum Region
DroppedPackets Count Sum Region, AvailabilityZone
DroppedPackets Count Sum FlowARN Applicable
FECPackets The number of packets that were transmitted using forward error correction (FEC) and received Count Sum FlowARN Applicable
FECPackets Count Sum Region
FECPackets Count Sum Region, AvailabilityZone
FECRecovered The number of packets that were transmitted using forward error correction (FEC), lost during transit, and recovered Count Sum FlowARN Applicable
FECRecovered Count Sum Region
FECRecovered Count Sum Region, AvailabilityZone
NotRecoveredPackets The number of packets that were lost during transit and were not recovered by error correction Count Sum FlowARN Applicable
NotRecoveredPackets Count Sum Region
NotRecoveredPackets Count Sum Region, AvailabilityZone
OutputConnected None Multi Region, OutputARN
OutputConnected None Multi FlowARN
OutputConnected None Multi Region
OutputConnected None Multi Region, AvailabilityZone
OutputDisconnections Count Sum Region, OutputARN
OutputDisconnections Count Sum FlowARN
OutputDisconnections Count Sum Region
OutputDisconnections Count Sum Region, AvailabilityZone
OverflowPackets The number of packets that were lost in transit because the video required more buffer than was available Count Sum FlowARN Applicable
OverflowPackets Count Sum Region
OverflowPackets Count Sum Region, AvailabilityZone
PATError The number of times that a program association table (PAT) error occurred Count Sum Region
PATError Count Sum Region, AvailabilityZone
PATError Count Sum FlowARN
PCRAccuracyError The number of times that a program clock register (PCR) accuracy error occurred Count Sum Region
PCRAccuracyError Count Sum Region, AvailabilityZone
PCRAccuracyError Count Sum FlowARN
PCRError The number of times that a PCR error occurred Count Sum FlowARN
PCRError Count Sum Region
PCRError Count Sum Region, AvailabilityZone
PIDError The number of times that a packet identifier (PID) error occurred Count Sum Region
PIDError Count Sum Region, AvailabilityZone
PIDError Count Sum FlowARN
PMTError The number of times that a program map table (PMT) error occurred Count Sum FlowARN
PMTError Count Sum Region
PMTError Count Sum Region, AvailabilityZone
PTSError The number of times that a presentation timestamp (PTS) error occurred Count Sum FlowARN
PTSError Count Sum Region
PTSError Count Sum Region, AvailabilityZone
PacketLossPercent The percentage of packets that were lost during transit, even if they were recovered Percent Multi Region
PacketLossPercent Percent Multi Region, AvailabilityZone
PacketLossPercent Percent Multi FlowARN Applicable
RecoveredPackets The number of packets that were lost during transit, but recovered Count Sum FlowARN Applicable
RecoveredPackets Count Sum Region
RecoveredPackets Count Sum Region, AvailabilityZone
RoundTripTime The amount of time it takes for the source to send a signal and receive an acknowledgment from AWS Elemental MediaConnect Milliseconds Multi Region
RoundTripTime Milliseconds Multi Region, AvailabilityZone
RoundTripTime Milliseconds Multi FlowARN Applicable
SourceARQRecovered Count Sum Region
SourceARQRecovered Count Sum Region, AvailabilityZone
SourceARQRecovered Count Sum Region, SourceARN
SourceARQRecovered Count Sum FlowARN
SourceARQRequests Count Sum FlowARN
SourceARQRequests Count Sum Region
SourceARQRequests Count Sum Region, AvailabilityZone
SourceARQRequests Count Sum Region, SourceARN
SourceBitRate The bitrate of the incoming (source) video Bits/Second Multi FlowARN
SourceBitRate Bits/Second Multi Region
SourceBitRate Bits/Second Multi Region, AvailabilityZone
SourceBitRate Bits/Second Multi Region, SourceARN
SourceCATError Count Sum FlowARN
SourceCATError Count Sum Region
SourceCATError Count Sum Region, AvailabilityZone
SourceCATError Count Sum Region, SourceARN
SourceCRCError Count Sum FlowARN
SourceCRCError Count Sum Region
SourceCRCError Count Sum Region, AvailabilityZone
SourceCRCError Count Sum Region, SourceARN
SourceConnected None Multi Region
SourceConnected None Multi Region, AvailabilityZone
SourceConnected None Multi Region, SourceARN
SourceConnected None Sum Region
SourceConnected None Sum Region, AvailabilityZone
SourceConnected None Sum Region, SourceARN
SourceConnected None Count Region
SourceConnected None Count Region, AvailabilityZone
SourceConnected None Count Region, SourceARN
SourceConnected None Multi FlowARN
SourceConnected None Sum FlowARN
SourceContinuityCounter Count Sum Region
SourceContinuityCounter Count Sum Region, AvailabilityZone
SourceContinuityCounter Count Sum Region, SourceARN
SourceContinuityCounter Count Sum FlowARN
SourceDisconnections Count Sum FlowARN
SourceDisconnections Count Sum Region
SourceDisconnections Count Sum Region, AvailabilityZone
SourceDisconnections Count Sum Region, SourceARN
SourceDroppedPackets Count Sum Region
SourceDroppedPackets Count Sum Region, AvailabilityZone
SourceDroppedPackets Count Sum Region, SourceARN
SourceDroppedPackets Count Sum FlowARN
SourceFECPackets Count Sum Region
SourceFECPackets Count Sum Region, AvailabilityZone
SourceFECPackets Count Sum Region, SourceARN
SourceFECPackets Count Sum FlowARN
SourceFECRecovered Count Sum Region
SourceFECRecovered Count Sum Region, AvailabilityZone
SourceFECRecovered Count Sum Region, SourceARN
SourceFECRecovered Count Sum FlowARN
SourceNotRecoveredPackets Count Sum Region
SourceNotRecoveredPackets Count Sum Region, AvailabilityZone
SourceNotRecoveredPackets Count Sum Region, SourceARN
SourceNotRecoveredPackets Count Sum FlowARN
SourceOverflowPackets Count Sum Region
SourceOverflowPackets Count Sum Region, AvailabilityZone
SourceOverflowPackets Count Sum Region, SourceARN
SourceOverflowPackets Count Sum FlowARN
SourcePATError Count Sum FlowARN
SourcePATError Count Sum Region
SourcePATError Count Sum Region, AvailabilityZone
SourcePATError Count Sum Region, SourceARN
SourcePCRAccuracyError Count Sum FlowARN
SourcePCRAccuracyError Count Sum Region
SourcePCRAccuracyError Count Sum Region, AvailabilityZone
SourcePCRAccuracyError Count Sum Region, SourceARN
SourcePCRError Count Sum Region
SourcePCRError Count Sum Region, AvailabilityZone
SourcePCRError Count Sum Region, SourceARN
SourcePCRError Count Sum FlowARN
SourcePIDError Count Sum FlowARN
SourcePIDError Count Sum Region
SourcePIDError Count Sum Region, AvailabilityZone
SourcePIDError Count Sum Region, SourceARN
SourcePMTError Count Sum Region
SourcePMTError Count Sum Region, AvailabilityZone
SourcePMTError Count Sum Region, SourceARN
SourcePMTError Count Sum FlowARN
SourcePTSError Count Sum Region
SourcePTSError Count Sum Region, AvailabilityZone
SourcePTSError Count Sum Region, SourceARN
SourcePTSError Count Sum FlowARN
SourcePacketLossPercent Percent Multi FlowARN
SourcePacketLossPercent Percent Multi Region
SourcePacketLossPercent Percent Multi Region, AvailabilityZone
SourcePacketLossPercent Percent Multi Region, SourceARN
SourceRecoveredPackets Count Sum FlowARN
SourceRecoveredPackets Count Sum Region
SourceRecoveredPackets Count Sum Region, AvailabilityZone
SourceRecoveredPackets Count Sum Region, SourceARN
SourceRoundTripTime Milliseconds Multi Region
SourceRoundTripTime Milliseconds Multi Region, AvailabilityZone
SourceRoundTripTime Milliseconds Multi Region, SourceARN
SourceRoundTripTime Milliseconds Multi FlowARN
SourceTSByteError Count Sum Region
SourceTSByteError Count Sum Region, AvailabilityZone
SourceTSByteError Count Sum Region, SourceARN
SourceTSByteError Count Sum FlowARN
SourceTSSyncLoss Count Sum Region
SourceTSSyncLoss Count Sum Region, AvailabilityZone
SourceTSSyncLoss Count Sum Region, SourceARN
SourceTSSyncLoss Count Sum FlowARN
SourceTotalPackets Count Sum Region
SourceTotalPackets Count Sum Region, AvailabilityZone
SourceTotalPackets Count Sum Region, SourceARN
SourceTotalPackets Count Sum FlowARN
SourceTransportError Count Sum FlowARN
SourceTransportError Count Sum Region
SourceTransportError Count Sum Region, AvailabilityZone
SourceTransportError Count Sum Region, SourceARN
TSByteError The number of times that a transport stream (TS) byte error occurred Count Sum Region
TSByteError Count Sum Region, AvailabilityZone
TSByteError Count Sum FlowARN
TSSyncLoss The number of times that a transport stream (TS) sync loss error occurred Count Sum FlowARN
TSSyncLoss Count Sum Region
TSSyncLoss Count Sum Region, AvailabilityZone
TotalPackets The total number of packets that were received Count Sum Region
TotalPackets Count Sum Region, AvailabilityZone
TotalPackets Count Sum FlowARN Applicable
TransportError The number of times that a primary transport error occurred Count Sum Region
TransportError Count Sum Region, AvailabilityZone
TransportError Count Sum FlowARN

Source: aws-service-elemental-mediaconvert.md


title: AWS Elemental MediaConvert monitoring source: https://www.dynatrace.com/docs/ingest-from/amazon-web-services/integrate-with-aws/aws-all-services/aws-service-elemental-mediaconvert scraped: 2026-02-16T21:30:47.844020


AWS Elemental MediaConvert monitoring

AWS Elemental MediaConvert monitoring

  • How-to guide
  • 2-min read
  • Published Jul 21, 2020

Dynatrace ingests metrics for multiple preselected namespaces, including AWS Elemental MediaConvert. You can view graphs per service instance, with a set of dimensions, and create custom graphs that you can pin to your dashboards.

Prerequisites

To enable monitoring for this service, you need

  • ActiveGate version 1.197+

  • For Dynatrace SaaS deployments, you need an Environment ActiveGate or a Multi-environment ActiveGate.

For role-based access in SaaS deployment, you need an Environment ActiveGate installed on an Amazon EC2 host.

To update the AWS IAM policy, use the JSON below, containing the monitoring policy (permissions) for all supporting services.

JSON predefined policy for all supporting services

{



"Version": "2012-10-17",



"Statement": [



{



"Sid": "VisualEditor0",



"Effect": "Allow",



"Action": [



"acm-pca:ListCertificateAuthorities",



"apigateway:GET",



"apprunner:ListServices",



"appstream:DescribeFleets",



"appsync:ListGraphqlApis",



"athena:ListWorkGroups",



"autoscaling:DescribeAutoScalingGroups",



"cloudformation:ListStackResources",



"cloudfront:ListDistributions",



"cloudhsm:DescribeClusters",



"cloudsearch:DescribeDomains",



"cloudwatch:GetMetricData",



"cloudwatch:GetMetricStatistics",



"cloudwatch:ListMetrics",



"codebuild:ListProjects",



"datasync:ListTasks",



"dax:DescribeClusters",



"directconnect:DescribeConnections",



"dms:DescribeReplicationInstances",



"dynamodb:ListTables",



"dynamodb:ListTagsOfResource",



"ec2:DescribeAvailabilityZones",



"ec2:DescribeInstances",



"ec2:DescribeNatGateways",



"ec2:DescribeSpotFleetRequests",



"ec2:DescribeTransitGateways",



"ec2:DescribeVolumes",



"ec2:DescribeVpnConnections",



"ecs:ListClusters",



"eks:ListClusters",



"elasticache:DescribeCacheClusters",



"elasticbeanstalk:DescribeEnvironmentResources",



"elasticbeanstalk:DescribeEnvironments",



"elasticfilesystem:DescribeFileSystems",



"elasticloadbalancing:DescribeInstanceHealth",



"elasticloadbalancing:DescribeListeners",



"elasticloadbalancing:DescribeLoadBalancers",



"elasticloadbalancing:DescribeRules",



"elasticloadbalancing:DescribeTags",



"elasticloadbalancing:DescribeTargetHealth",



"elasticmapreduce:ListClusters",



"elastictranscoder:ListPipelines",



"es:ListDomainNames",



"events:ListEventBuses",



"firehose:ListDeliveryStreams",



"fsx:DescribeFileSystems",



"gamelift:ListFleets",



"glue:GetJobs",



"inspector:ListAssessmentTemplates",



"kafka:ListClusters",



"kinesis:ListStreams",



"kinesisanalytics:ListApplications",



"kinesisvideo:ListStreams",



"lambda:ListFunctions",



"lambda:ListTags",



"lex:GetBots",



"logs:DescribeLogGroups",



"mediaconnect:ListFlows",



"mediaconvert:DescribeEndpoints",



"mediapackage-vod:ListPackagingConfigurations",



"mediapackage:ListChannels",



"mediatailor:ListPlaybackConfigurations",



"opsworks:DescribeStacks",



"qldb:ListLedgers",



"rds:DescribeDBClusters",



"rds:DescribeDBInstances",



"rds:DescribeEvents",



"rds:ListTagsForResource",



"redshift:DescribeClusters",



"robomaker:ListSimulationJobs",



"route53:ListHostedZones",



"route53resolver:ListResolverEndpoints",



"s3:ListAllMyBuckets",



"sagemaker:ListEndpoints",



"sns:ListTopics",



"sqs:ListQueues",



"storagegateway:ListGateways",



"sts:GetCallerIdentity",



"swf:ListDomains",



"tag:GetResources",



"tag:GetTagKeys",



"transfer:ListServers",



"workmail:ListOrganizations",



"workspaces:DescribeWorkspaces"



],



"Resource": "*"



}



]



}

If you don't want to add permissions to all services, and just select permissions for certain services, consult the table below. The table contains a set of permissions that are required for All AWS cloud services and, for each supporting service, a list of optional permissions specific to that service.

Permissions required for AWS monitoring integration:

  • "cloudwatch:GetMetricData"
  • "cloudwatch:GetMetricStatistics"
  • "cloudwatch:ListMetrics"
  • "sts:GetCallerIdentity"
  • "tag:GetResources"
  • "tag:GetTagKeys"
  • "ec2:DescribeAvailabilityZones"

Complete list of permissions for cloud services

Name Permissions
All monitored Amazon services Required cloudwatch:GetMetricData, cloudwatch:GetMetricStatistics, cloudwatch:ListMetrics, sts:GetCallerIdentity, tag:GetResources, tag:GetTagKeys, ec2:DescribeAvailabilityZones
AWS Certificate Manager Private Certificate Authority acm-pca:ListCertificateAuthorities
Amazon MQ
Amazon API Gateway apigateway:GET
AWS App Runner apprunner:ListServices
Amazon AppStream appstream:DescribeFleets
AWS AppSync appsync:ListGraphqlApis
Amazon Athena athena:ListWorkGroups
Amazon Aurora rds:DescribeDBClusters
Amazon EC2 Auto Scaling autoscaling:DescribeAutoScalingGroups
Amazon EC2 Auto Scaling (built-in) autoscaling:DescribeAutoScalingGroups
AWS Billing
Amazon Keyspaces
AWS Chatbot
Amazon CloudFront cloudfront:ListDistributions
AWS CloudHSM cloudhsm:DescribeClusters
Amazon CloudSearch cloudsearch:DescribeDomains
AWS CodeBuild codebuild:ListProjects
Amazon Cognito
Amazon Connect
Amazon Elastic Kubernetes Service (EKS) eks:ListClusters
AWS DataSync datasync:ListTasks
Amazon DynamoDB Accelerator (DAX) dax:DescribeClusters
AWS Database Migration Service (AWS DMS) dms:DescribeReplicationInstances
Amazon DocumentDB rds:DescribeDBClusters
AWS Direct Connect directconnect:DescribeConnections
Amazon DynamoDB dynamodb:ListTables
Amazon DynamoDB (built-in) dynamodb:ListTables, dynamodb:ListTagsOfResource
Amazon EBS ec2:DescribeVolumes
Amazon EBS (built-in) ec2:DescribeVolumes
Amazon EC2 API
Amazon EC2 (built-in) ec2:DescribeInstances
Amazon EC2 Spot Fleet ec2:DescribeSpotFleetRequests
Amazon Elastic Container Service (ECS) ecs:ListClusters
Amazon ECS Container Insights ecs:ListClusters
Amazon ElastiCache (EC) elasticache:DescribeCacheClusters
AWS Elastic Beanstalk elasticbeanstalk:DescribeEnvironments
Amazon Elastic File System (EFS) elasticfilesystem:DescribeFileSystems
Amazon Elastic Inference
Amazon Elastic Map Reduce (EMR) elasticmapreduce:ListClusters
Amazon Elasticsearch Service (ES) es:ListDomainNames
Amazon Elastic Transcoder elastictranscoder:ListPipelines
Amazon Elastic Load Balancer (ELB) (built-in) elasticloadbalancing:DescribeInstanceHealth, elasticloadbalancing:DescribeListeners, elasticloadbalancing:DescribeLoadBalancers, elasticloadbalancing:DescribeRules, elasticloadbalancing:DescribeTags, elasticloadbalancing:DescribeTargetHealth
Amazon EventBridge events:ListEventBuses
Amazon FSx fsx:DescribeFileSystems
Amazon GameLift gamelift:ListFleets
AWS Glue glue:GetJobs
Amazon Inspector inspector:ListAssessmentTemplates
AWS Internet of Things (IoT)
AWS IoT Analytics
Amazon Managed Streaming for Kafka kafka:ListClusters
Amazon Kinesis Data Analytics kinesisanalytics:ListApplications
Amazon Data Firehose firehose:ListDeliveryStreams
Amazon Kinesis Data Streams kinesis:ListStreams
Amazon Kinesis Video Streams kinesisvideo:ListStreams
AWS Lambda lambda:ListFunctions
AWS Lambda (built-in) lambda:ListFunctions, lambda:ListTags
Amazon Lex lex:GetBots
Amazon Application and Network Load Balancer (built-in) elasticloadbalancing:DescribeInstanceHealth, elasticloadbalancing:DescribeListeners, elasticloadbalancing:DescribeLoadBalancers, elasticloadbalancing:DescribeRules, elasticloadbalancing:DescribeTags, elasticloadbalancing:DescribeTargetHealth
Amazon CloudWatch Logs logs:DescribeLogGroups
AWS Elemental MediaConnect mediaconnect:ListFlows
AWS Elemental MediaConvert mediaconvert:DescribeEndpoints
AWS Elemental MediaPackage Live mediapackage:ListChannels
AWS Elemental MediaPackage Video on Demand mediapackage-vod:ListPackagingConfigurations
AWS Elemental MediaTailor mediatailor:ListPlaybackConfigurations
Amazon VPC NAT Gateways ec2:DescribeNatGateways
Amazon Neptune rds:DescribeDBClusters
AWS OpsWorks opsworks:DescribeStacks
Amazon Polly
Amazon QLDB qldb:ListLedgers
Amazon RDS rds:DescribeDBInstances
Amazon RDS (built-in) rds:DescribeDBInstances, rds:DescribeEvents, rds:ListTagsForResource
Amazon Redshift redshift:DescribeClusters
Amazon Rekognition
AWS RoboMaker robomaker:ListSimulationJobs
Amazon Route 53 route53:ListHostedZones
Amazon Route 53 Resolver route53resolver:ListResolverEndpoints
Amazon S3 s3:ListAllMyBuckets
Amazon S3 (built-in) s3:ListAllMyBuckets
Amazon SageMaker Batch Transform Jobs
Amazon SageMaker Endpoint Instances sagemaker:ListEndpoints
Amazon SageMaker Endpoints sagemaker:ListEndpoints
Amazon SageMaker Ground Truth
Amazon SageMaker Processing Jobs
Amazon SageMaker Training Jobs
AWS Service Catalog
Amazon Simple Email Service (SES)
Amazon Simple Notification Service (SNS) sns:ListTopics
Amazon Simple Queue Service (SQS) sqs:ListQueues
AWS Systems Manager - Run Command
AWS Step Functions
AWS Storage Gateway storagegateway:ListGateways
Amazon SWF swf:ListDomains
Amazon Textract
AWS IoT Things Graph
AWS Transfer Family transfer:ListServers
AWS Transit Gateway ec2:DescribeTransitGateways
Amazon Translate
AWS Trusted Advisor
AWS API Usage
AWS Site-to-Site VPN ec2:DescribeVpnConnections
AWS WAF Classic
AWS WAF
Amazon WorkMail workmail:ListOrganizations
Amazon WorkSpaces workspaces:DescribeWorkspaces

Example of JSON policy for one single service.

JSON policy for Amazon API Gateway

{



"Version": "2012-10-17",



"Statement": [



{



"Sid": "VisualEditor0",



"Effect": "Allow",



"Action": [



"apigateway:GET",



"cloudwatch:GetMetricData",



"cloudwatch:GetMetricStatistics",



"cloudwatch:ListMetrics",



"sts:GetCallerIdentity",



"tag:GetResources",



"tag:GetTagKeys",



"ec2:DescribeAvailabilityZones"



],



"Resource": "*"



}



]



}

In this example, from the complete list of permissions you need to select

  • "apigateway:GET" for Amazon API Gateway
  • "cloudwatch:GetMetricData", "cloudwatch:GetMetricStatistics", "cloudwatch:ListMetrics", "sts:GetCallerIdentity", "tag:GetResources", "tag:GetTagKeys", and "ec2:DescribeAvailabilityZones" for All AWS cloud services.

Enable monitoring

To learn how to enable service monitoring, see Enable service monitoring.

View service metrics

You can view the service metrics in your Dynatrace environment either on the custom device overview page or on your Dashboards page.

View metrics on the custom device overview page

To access the custom device overview page

  1. Go to Technologies Technologies & Processes Classic.
  2. Filter by service name and select the relevant custom device group.
  3. Once you select the custom device group, you're on the custom device group overview page.
  4. The custom device group overview page lists all instances (custom devices) belonging to the group. Select an instance to view the custom device overview page.

View metrics on your dashboard

After you add the service to monitoring, a preset dashboard containing all recommended metrics is automatically listed on your Dashboards page. To look for specific dashboards, filter by Preset and then by Name.

AWS presets

For existing monitored services, you might need to resave your credentials for the preset dashboard to appear on the Dashboards page. To resave your credentials, go to Settings > Cloud and virtualization > AWS, select the desired AWS instance, and then select Save.

You can't make changes on a preset dashboard directly, but you can clone and edit it. To clone a dashboard, open the browse menu (…) and select Clone.

To remove a dashboard from the dashboards page, you can hide it. To hide a dashboard, open the browse menu (…) and select Hide.

Hiding a dashboard doesn't affect other users.

Clone hide AWS

To check the availability of preset dashboards for each AWS service, see the list below.

Preset dashboard availability list

AWS service Preset dashboard
Amazon EC2 Auto Scaling (built-in) Not applicable
AWS Lambda (built-in) Not applicable
Amazon Application and Network Load Balancer (built-in) Not applicable
Amazon DynamoDB (built-in) Not applicable
Amazon EBS (built-in) Not applicable
Amazon EC2 (built-in) Not applicable
Amazon Elastic Load Balancer (ELB) (built-in) Not applicable
Amazon RDS (built-in) Not applicable
Amazon S3 (built-in) Not applicable
AWS Certificate Manager Private Certificate Authority Not applicable
All monitored Amazon services Not applicable
Amazon API Gateway Not applicable
AWS App Runner Not applicable
Amazon AppStream Applicable
AWS AppSync Applicable
Amazon Athena Applicable
Amazon Aurora Not applicable
Amazon EC2 Auto Scaling Applicable
AWS Billing Applicable
Amazon Keyspaces Applicable
AWS Chatbot Applicable
Amazon CloudFront Not applicable
AWS CloudHSM Applicable
Amazon CloudSearch Applicable
AWS CodeBuild Applicable
Amazon Cognito Not applicable
Amazon Connect Applicable
AWS DataSync Applicable
Amazon DynamoDB Accelerator (DAX) Applicable
AWS Database Migration Service (AWS DMS) Applicable
Amazon DocumentDB Applicable
AWS Direct Connect Applicable
Amazon DynamoDB Not applicable
Amazon EBS Not applicable
Amazon EC2 Spot Fleet Not applicable
Amazon EC2 API Applicable
Amazon Elastic Container Service (ECS) Not applicable
Amazon ECS Container Insights Applicable
Amazon Elastic File System (EFS) Not applicable
Amazon Elastic Kubernetes Service (EKS) Applicable
Amazon ElastiCache (EC) Not applicable
AWS Elastic Beanstalk Applicable
Amazon Elastic Inference Applicable
Amazon Elastic Transcoder Applicable
Amazon Elastic Map Reduce (EMR) Not applicable
Amazon Elasticsearch Service (ES) Not applicable
Amazon EventBridge Applicable
Amazon FSx Applicable
Amazon GameLift Applicable
AWS Glue Not applicable
Amazon Inspector Applicable
AWS Internet of Things (IoT) Not applicable
AWS IoT Things Graph Applicable
AWS IoT Analytics Applicable
Amazon Managed Streaming for Kafka Applicable
Amazon Kinesis Data Analytics Not applicable
Amazon Data Firehose Not applicable
Amazon Kinesis Data Streams Not applicable
Amazon Kinesis Video Streams Not applicable
AWS Lambda Not applicable
Amazon Lex Applicable
Amazon CloudWatch Logs Applicable
AWS Elemental MediaTailor Applicable
AWS Elemental MediaConnect Applicable
AWS Elemental MediaConvert Applicable
AWS Elemental MediaPackage Live Applicable
AWS Elemental MediaPackage Video on Demand Applicable
Amazon MQ Applicable
Amazon VPC NAT Gateways Not applicable
Amazon Neptune Applicable
AWS OpsWorks Applicable
Amazon Polly Applicable
Amazon QLDB Applicable
Amazon RDS Not applicable
Amazon Redshift Not applicable
Amazon Rekognition Applicable
AWS RoboMaker Applicable
Amazon Route 53 Applicable
Amazon Route 53 Resolver Applicable
Amazon S3 Not applicable
Amazon SageMaker Batch Transform Jobs Not applicable
Amazon SageMaker Endpoints Not applicable
Amazon SageMaker Endpoint Instances Not applicable
Amazon SageMaker Ground Truth Not applicable
Amazon SageMaker Processing Jobs Not applicable
Amazon SageMaker Training Jobs Not applicable
AWS Service Catalog Applicable
Amazon Simple Email Service (SES) Not applicable
Amazon Simple Notification Service (SNS) Not applicable
Amazon Simple Queue Service (SQS) Not applicable
AWS Systems Manager - Run Command Applicable
AWS Step Functions Applicable
AWS Storage Gateway Applicable
Amazon SWF Applicable
Amazon Textract Applicable
AWS Transfer Family Applicable
AWS Transit Gateway Applicable
Amazon Translate Applicable
AWS Trusted Advisor Applicable
AWS API Usage Applicable
AWS Site-to-Site VPN Applicable
AWS WAF Classic Applicable
AWS WAF Applicable
Amazon WorkMail Applicable
Amazon WorkSpaces Applicable

Mediaconvert dashboard

Available metrics

Queue is the main dimension.

Name Description Unit Statistics Dimensions Recommended
AudioOutputDuration The number of seconds of audio-only output for a queue Milliseconds Multi Queue
AudioOutputDuration Milliseconds Sum Queue Applicable
Errors The number of errors caused by invalid operation parameters, such as a request for a job status that does not include the job ID Count Sum Region, Operation Applicable
HDOutputDuration The number of seconds of high-definition (HD) output for a queue Milliseconds Multi Queue
HDOutputDuration Milliseconds Sum Queue Applicable
JobsCanceledCount The number of jobs canceled in this queue Count Sum Queue Applicable
JobsCompletedCount The number of jobs completed in this queue Count Sum Queue Applicable
JobsErroredCount The number of jobs that failed because of invalid inputs, such as a request to transcode a file that is not in the specified input bucket Count Sum Queue Applicable
8KOutputDuration The number of seconds of 8K output for a queue Milliseconds Multi Queue
8KOutputDuration Milliseconds Sum Queue Applicable
SDOutputDuration The number of seconds of standard definition (SD) output for a queue Milliseconds Multi Queue
SDOutputDuration Milliseconds Sum Queue Applicable
StandbyTime The number of seconds before AWS Elemental MediaConvert starts transcoding a job Milliseconds Multi Region Applicable
StandbyTime Milliseconds Multi Queue Applicable
TranscodingTime The number of seconds for AWS Elemental MediaConvert to complete transcoding Milliseconds Multi Queue Applicable
UHDOutputDuration The number of seconds of ultra-high-definition (UHD) output for a queue Milliseconds Multi Queue
UHDOutputDuration Milliseconds Sum Queue Applicable

Limitations

Dynatrace is currently not gathering any instance attributes for AWS Elemental MediaConvert.


Source: aws-service-elemental-mediapackage.md


title: AWS Elemental MediaPackage (Live, Video on Demand) monitoring source: https://www.dynatrace.com/docs/ingest-from/amazon-web-services/integrate-with-aws/aws-all-services/aws-service-elemental-mediapackage scraped: 2026-02-17T04:57:22.904140


AWS Elemental MediaPackage (Live, Video on Demand) monitoring

AWS Elemental MediaPackage (Live, Video on Demand) monitoring

  • How-to guide
  • 5-min read
  • Published Jul 06, 2020

Dynatrace ingests metrics for multiple preselected namespaces, including AWS Elemental MediaPackage (Live, Video on Demand). You can view metrics for each service instance, split metrics into multiple dimensions, and create custom charts that you can pin to your dashboards.

Prerequisites

To enable monitoring for this service, you need

  • An Environment or Cluster ActiveGate version 1.197+
  • For AWS Elemental MediaPackage Live, Dynatrace version 1.203+
  • For AWS Elemental MediaPackage Video on Demand, Dynatrace version 1.204+
  • An updated AWS monitoring policy to include the additional AWS services.
    To update the AWS IAM policy, use the JSON below.

Predefined policy in JSON

{



"Version": "2012-10-17",



"Statement": [



{



"Sid": "VisualEditor0",



"Effect": "Allow",



"Action": [



"acm-pca:ListCertificateAuthorities",



"apigateway:GET",



"apprunner:ListServices",



"appstream:DescribeFleets",



"appsync:ListGraphqlApis",



"athena:ListWorkGroups",



"autoscaling:DescribeAutoScalingGroups",



"cloudformation:ListStackResources",



"cloudfront:ListDistributions",



"cloudhsm:DescribeClusters",



"cloudsearch:DescribeDomains",



"cloudwatch:GetMetricData",



"cloudwatch:GetMetricStatistics",



"cloudwatch:ListMetrics",



"codebuild:ListProjects",



"datasync:ListTasks",



"dax:DescribeClusters",



"directconnect:DescribeConnections",



"dms:DescribeReplicationInstances",



"dynamodb:ListTables",



"dynamodb:ListTagsOfResource",



"ec2:DescribeAvailabilityZones",



"ec2:DescribeInstances",



"ec2:DescribeNatGateways",



"ec2:DescribeSpotFleetRequests",



"ec2:DescribeTransitGateways",



"ec2:DescribeVolumes",



"ec2:DescribeVpnConnections",



"ecs:ListClusters",



"eks:ListClusters",



"elasticache:DescribeCacheClusters",



"elasticbeanstalk:DescribeEnvironmentResources",



"elasticbeanstalk:DescribeEnvironments",



"elasticfilesystem:DescribeFileSystems",



"elasticloadbalancing:DescribeInstanceHealth",



"elasticloadbalancing:DescribeListeners",



"elasticloadbalancing:DescribeLoadBalancers",



"elasticloadbalancing:DescribeRules",



"elasticloadbalancing:DescribeTags",



"elasticloadbalancing:DescribeTargetHealth",



"elasticmapreduce:ListClusters",



"elastictranscoder:ListPipelines",



"es:ListDomainNames",



"events:ListEventBuses",



"firehose:ListDeliveryStreams",



"fsx:DescribeFileSystems",



"gamelift:ListFleets",



"glue:GetJobs",



"inspector:ListAssessmentTemplates",



"kafka:ListClusters",



"kinesis:ListStreams",



"kinesisanalytics:ListApplications",



"kinesisvideo:ListStreams",



"lambda:ListFunctions",



"lambda:ListTags",



"lex:GetBots",



"logs:DescribeLogGroups",



"mediaconnect:ListFlows",



"mediaconvert:DescribeEndpoints",



"mediapackage-vod:ListPackagingConfigurations",



"mediapackage:ListChannels",



"mediatailor:ListPlaybackConfigurations",



"opsworks:DescribeStacks",



"qldb:ListLedgers",



"rds:DescribeDBClusters",



"rds:DescribeDBInstances",



"rds:DescribeEvents",



"rds:ListTagsForResource",



"redshift:DescribeClusters",



"robomaker:ListSimulationJobs",



"route53:ListHostedZones",



"route53resolver:ListResolverEndpoints",



"s3:ListAllMyBuckets",



"sagemaker:ListEndpoints",



"sns:ListTopics",



"sqs:ListQueues",



"storagegateway:ListGateways",



"sts:GetCallerIdentity",



"swf:ListDomains",



"tag:GetResources",



"tag:GetTagKeys",



"transfer:ListServers",



"workmail:ListOrganizations",



"workspaces:DescribeWorkspaces"



],



"Resource": "*"



}



]



}

AWS endpoints that need to be reachable from ActiveGate with corresponding AWS services

Endpoint Service
autoscaling.<REGION>.amazonaws.com Amazon EC2 Auto Scaling (built-in), Amazon EC2 Auto Scaling
lambda.<REGION>.amazonaws.com AWS Lambda (built-in), AWS Lambda
elasticloadbalancing.<REGION>.amazonaws.com Amazon Application and Network Load Balancer (built-in), Amazon Elastic Load Balancer (ELB) (built-in)
dynamodb.<REGION>.amazonaws.com Amazon DynamoDB (built-in), Amazon DynamoDB
ec2.<REGION>.amazonaws.com Amazon EBS (built-in), Amazon EC2 (built-in), Amazon EBS, Amazon EC2 Spot Fleet, Amazon VPC NAT Gateways, AWS Transit Gateway, AWS Site-to-Site VPN
rds.<REGION>.amazonaws.com Amazon RDS (built-in), Amazon Aurora, Amazon DocumentDB, Amazon Neptune, Amazon RDS
s3.<REGION>.amazonaws.com Amazon S3 (built-in)
acm-pca.<REGION>.amazonaws.com AWS Certificate Manager Private Certificate Authority
apigateway.<REGION>.amazonaws.com Amazon API Gateway
apprunner.<REGION>.amazonaws.com AWS App Runner
appstream2.<REGION>.amazonaws.com Amazon AppStream
appsync.<REGION>.amazonaws.com AWS AppSync
athena.<REGION>.amazonaws.com Amazon Athena
cloudfront.amazonaws.com Amazon CloudFront
cloudhsmv2.<REGION>.amazonaws.com AWS CloudHSM
cloudsearch.<REGION>.amazonaws.com Amazon CloudSearch
codebuild.<REGION>.amazonaws.com AWS CodeBuild
datasync.<REGION>.amazonaws.com AWS DataSync
dax.<REGION>.amazonaws.com Amazon DynamoDB Accelerator (DAX)
dms.<REGION>.amazonaws.com AWS Database Migration Service (AWS DMS)
directconnect.<REGION>.amazonaws.com AWS Direct Connect
ecs.<REGION>.amazonaws.com Amazon Elastic Container Service (ECS), Amazon ECS Container Insights
elasticfilesystem.<REGION>.amazonaws.com Amazon Elastic File System (EFS)
eks.<REGION>.amazonaws.com Amazon Elastic Kubernetes Service (EKS)
elasticache.<REGION>.amazonaws.com Amazon ElastiCache (EC)
elasticbeanstalk.<REGION>.amazonaws.com AWS Elastic Beanstalk
elastictranscoder.<REGION>.amazonaws.com Amazon Elastic Transcoder
es.<REGION>.amazonaws.com Amazon Elasticsearch Service (ES)
events.<REGION>.amazonaws.com Amazon EventBridge
fsx.<REGION>.amazonaws.com Amazon FSx
gamelift.<REGION>.amazonaws.com Amazon GameLift
glue.<REGION>.amazonaws.com AWS Glue
inspector.<REGION>.amazonaws.com Amazon Inspector
kafka.<REGION>.amazonaws.com Amazon Managed Streaming for Kafka
models.lex.<REGION>.amazonaws.com Amazon Lex
logs.<REGION>.amazonaws.com Amazon CloudWatch Logs
api.mediatailor.<REGION>.amazonaws.com AWS Elemental MediaTailor
mediaconnect.<REGION>.amazonaws.com AWS Elemental MediaConnect
mediapackage.<REGION>.amazonaws.com AWS Elemental MediaPackage Live
mediapackage-vod.<REGION>.amazonaws.com AWS Elemental MediaPackage Video on Demand
opsworks.<REGION>.amazonaws.com AWS OpsWorks
qldb.<REGION>.amazonaws.com Amazon QLDB
redshift.<REGION>.amazonaws.com Amazon Redshift
robomaker.<REGION>.amazonaws.com AWS RoboMaker
route53.amazonaws.com Amazon Route 53
route53resolver.<REGION>.amazonaws.com Amazon Route 53 Resolver
api.sagemaker.<REGION>.amazonaws.com Amazon SageMaker Endpoints, Amazon SageMaker Endpoint Instances
sns.<REGION>.amazonaws.com Amazon Simple Notification Service (SNS)
sqs.<REGION>.amazonaws.com Amazon Simple Queue Service (SQS)
storagegateway.<REGION>.amazonaws.com AWS Storage Gateway
swf.<REGION>.amazonaws.com Amazon SWF
transfer.<REGION>.amazonaws.com AWS Transfer Family
workmail.<REGION>.amazonaws.com Amazon WorkMail
workspaces.<REGION>.amazonaws.com Amazon WorkSpaces

Enable monitoring

To learn how to enable service monitoring, see Enable service monitoring.

View service metrics

You can view the service metrics in your Dynatrace environment either on the custom device overview page or on your Dashboards page.

View metrics on the custom device overview page

To access the custom device overview page

  1. Go to Technologies Technologies & Processes Classic.
  2. Filter by service name and select the relevant custom device group.
  3. Once you select the custom device group, you're on the custom device group overview page.
  4. The custom device group overview page lists all instances (custom devices) belonging to the group. Select an instance to view the custom device overview page.

View metrics on your dashboard

After you add the service to monitoring, a preset dashboard containing all recommended metrics is automatically listed on your Dashboards page. To look for specific dashboards, filter by Preset and then by Name.

AWS presets

For existing monitored services, you might need to resave your credentials for the preset dashboard to appear on the Dashboards page. To resave your credentials, go to Settings > Cloud and virtualization > AWS, select the desired AWS instance, and then select Save.

You can't make changes on a preset dashboard directly, but you can clone and edit it. To clone a dashboard, open the browse menu (…) and select Clone.

To remove a dashboard from the dashboards page, you can hide it. To hide a dashboard, open the browse menu (…) and select Hide.

Hiding a dashboard doesn't affect other users.

Clone hide AWS

To check the availability of preset dashboards for each AWS service, see the list below.

Preset dashboard availability list

AWS service Preset dashboard
Amazon EC2 Auto Scaling (built-in) Not applicable
AWS Lambda (built-in) Not applicable
Amazon Application and Network Load Balancer (built-in) Not applicable
Amazon DynamoDB (built-in) Not applicable
Amazon EBS (built-in) Not applicable
Amazon EC2 (built-in) Not applicable
Amazon Elastic Load Balancer (ELB) (built-in) Not applicable
Amazon RDS (built-in) Not applicable
Amazon S3 (built-in) Not applicable
AWS Certificate Manager Private Certificate Authority Not applicable
All monitored Amazon services Not applicable
Amazon API Gateway Not applicable
AWS App Runner Not applicable
Amazon AppStream Applicable
AWS AppSync Applicable
Amazon Athena Applicable
Amazon Aurora Not applicable
Amazon EC2 Auto Scaling Applicable
AWS Billing Applicable
Amazon Keyspaces Applicable
AWS Chatbot Applicable
Amazon CloudFront Not applicable
AWS CloudHSM Applicable
Amazon CloudSearch Applicable
AWS CodeBuild Applicable
Amazon Cognito Not applicable
Amazon Connect Applicable
AWS DataSync Applicable
Amazon DynamoDB Accelerator (DAX) Applicable
AWS Database Migration Service (AWS DMS) Applicable
Amazon DocumentDB Applicable
AWS Direct Connect Applicable
Amazon DynamoDB Not applicable
Amazon EBS Not applicable
Amazon EC2 Spot Fleet Not applicable
Amazon EC2 API Applicable
Amazon Elastic Container Service (ECS) Not applicable
Amazon ECS Container Insights Applicable
Amazon Elastic File System (EFS) Not applicable
Amazon Elastic Kubernetes Service (EKS) Applicable
Amazon ElastiCache (EC) Not applicable
AWS Elastic Beanstalk Applicable
Amazon Elastic Inference Applicable
Amazon Elastic Transcoder Applicable
Amazon Elastic Map Reduce (EMR) Not applicable
Amazon Elasticsearch Service (ES) Not applicable
Amazon EventBridge Applicable
Amazon FSx Applicable
Amazon GameLift Applicable
AWS Glue Not applicable
Amazon Inspector Applicable
AWS Internet of Things (IoT) Not applicable
AWS IoT Things Graph Applicable
AWS IoT Analytics Applicable
Amazon Managed Streaming for Kafka Applicable
Amazon Kinesis Data Analytics Not applicable
Amazon Data Firehose Not applicable
Amazon Kinesis Data Streams Not applicable
Amazon Kinesis Video Streams Not applicable
AWS Lambda Not applicable
Amazon Lex Applicable
Amazon CloudWatch Logs Applicable
AWS Elemental MediaTailor Applicable
AWS Elemental MediaConnect Applicable
AWS Elemental MediaConvert Applicable
AWS Elemental MediaPackage Live Applicable
AWS Elemental MediaPackage Video on Demand Applicable
Amazon MQ Applicable
Amazon VPC NAT Gateways Not applicable
Amazon Neptune Applicable
AWS OpsWorks Applicable
Amazon Polly Applicable
Amazon QLDB Applicable
Amazon RDS Not applicable
Amazon Redshift Not applicable
Amazon Rekognition Applicable
AWS RoboMaker Applicable
Amazon Route 53 Applicable
Amazon Route 53 Resolver Applicable
Amazon S3 Not applicable
Amazon SageMaker Batch Transform Jobs Not applicable
Amazon SageMaker Endpoints Not applicable
Amazon SageMaker Endpoint Instances Not applicable
Amazon SageMaker Ground Truth Not applicable
Amazon SageMaker Processing Jobs Not applicable
Amazon SageMaker Training Jobs Not applicable
AWS Service Catalog Applicable
Amazon Simple Email Service (SES) Not applicable
Amazon Simple Notification Service (SNS) Not applicable
Amazon Simple Queue Service (SQS) Not applicable
AWS Systems Manager - Run Command Applicable
AWS Step Functions Applicable
AWS Storage Gateway Applicable
Amazon SWF Applicable
Amazon Textract Applicable
AWS Transfer Family Applicable
AWS Transit Gateway Applicable
Amazon Translate Applicable
AWS Trusted Advisor Applicable
AWS API Usage Applicable
AWS Site-to-Site VPN Applicable
AWS WAF Classic Applicable
AWS WAF Applicable
Amazon WorkMail Applicable
Amazon WorkSpaces Applicable

Media dash

Vod dash

Available metrics

AWS Elemental MediaPackage Live

Channel is the main dimension.

Name Description Unit Statistics Dimensions Recommended
ActiveInput Indicates if an input has been used as the source for an endpoint in AWS Elemental MediaPackage (it has been active). A value of 1 indicates that the input was active, and a 0 (zero) indicates that it wasn't. Count Multi Region, IngestEndpoint, OriginEndpoint
EgressBytes Number of bytes that AWS Elemental MediaPackage successfully sends for each request. If MediaPackage doesn't receive any requests for output in the specified interval, then no data is given. Bytes Multi Channel Applicable
EgressBytes Bytes Sum Channel Applicable
EgressBytes Count Count Channel
EgressBytes Bytes Multi Channel, OriginEndpoint
EgressBytes Bytes Sum Channel, OriginEndpoint Applicable
EgressBytes Count Count Channel, OriginEndpoint
EgressBytes Bytes Multi Region Applicable
EgressBytes Bytes Sum Region Applicable
EgressBytes Count Count Region Applicable
EgressRequestCount Number of content requests that AWS Elemental MediaPackage receives. If MediaPackage doesn't receive any requests for output in the specified interval, then no data is given. Count Sum Channel Applicable
EgressRequestCount Count Sum Channel, OriginEndpoint
EgressRequestCount Count Sum Channel, StatusCodeRange Applicable
EgressRequestCount Count Sum Channel, OriginEndpoint, StatusCodeRange
EgressRequestCount Count Sum Region, StatusCodeRange
EgressRequestCount Count Sum Region Applicable
EgressResponseTime The time that it takes AWS Elemental MediaPackage to process each output request. If MediaPackage doesn't receive any requests for output in the specified interval, then no data is given. Milliseconds Multi Channel Applicable
EgressResponseTime Milliseconds Sum Channel Applicable
EgressResponseTime Count Count Channel
EgressResponseTime Milliseconds Multi Channel, OriginEndpoint Applicable
EgressResponseTime Milliseconds Sum Channel, OriginEndpoint
EgressResponseTime Count Count Channel, OriginEndpoint
IngressBytes Number of bytes of content that AWS Elemental MediaPackage receives for each input request. If MediaPackage doesn't receive any requests for input in the specified interval, then no data is given. Bytes Multi Channel Applicable
IngressBytes Bytes Sum Channel Applicable
IngressBytes Count Count Channel
IngressBytes Bytes Multi Channel, IngestEndpoint Applicable
IngressBytes Bytes Sum Channel, IngestEndpoint
IngressBytes Count Count Channel, IngestEndpoint
IngressBytes Bytes Multi Region
IngressBytes Bytes Sum Region
IngressBytes Count Count Region
IngressResponseTime The time that it takes AWS Elemental MediaPackage to process each input request. If MediaPackage doesn't receive any requests for input in the specified interval, then no data is given. Milliseconds Multi Channel Applicable
IngressResponseTime Milliseconds Sum Channel Applicable
IngressResponseTime Count Count Channel
IngressResponseTime Milliseconds Multi Channel, IngestEndpoint Applicable
IngressResponseTime Milliseconds Sum Channel, IngestEndpoint
IngressResponseTime Count Count Channel, IngestEndpoint
IngressResponseTime Milliseconds Multi Region
IngressResponseTime Milliseconds Sum Region
IngressResponseTime Count Count Region

AWS Elemental MediaPackage Video on Demand (VOD)

PackagingConfiguration is the main dimension.

Name Description Unit Statistics Dimensions Recommended
EgressBytes Number of bytes that AWS Elemental MediaPackage successfully sends for each request. If MediaPackage doesn't receive any requests for output in the specified interval, then no data is given. Bytes Multi PackagingConfiguration Applicable
EgressBytes Bytes Sum PackagingConfiguration Applicable
EgressBytes Count Count PackagingConfiguration
EgressRequestCount Number of content requests that AWS Elemental MediaPackage receives. If MediaPackage doesn't receive any requests for output in the specified interval, then no data is given. Count Sum PackagingConfiguration Applicable
EgressRequestCount Count Sum PackagingConfiguration, StatusCodeRange
EgressResponseTime The time that it takes AWS Elemental MediaPackage to process each output request. If MediaPackage doesn't receive any requests for output in the specified interval, then no data is given. Milliseconds Multi PackagingConfiguration Applicable
EgressResponseTime Milliseconds Sum PackagingConfiguration Applicable
EgressResponseTime Count Count PackagingConfiguration

Source: aws-service-elemental-mediatailor.md


title: AWS Elemental MediaTailor monitoring source: https://www.dynatrace.com/docs/ingest-from/amazon-web-services/integrate-with-aws/aws-all-services/aws-service-elemental-mediatailor scraped: 2026-02-16T21:31:28.728509


AWS Elemental MediaTailor monitoring

AWS Elemental MediaTailor monitoring

  • How-to guide
  • 3-min read
  • Published Jul 21, 2020

Dynatrace ingests metrics for multiple preselected namespaces, including AWS Elemental MediaTailor. You can view graphs per service instance, with a set of dimensions, and create custom graphs that you can pin to your dashboards.

Prerequisites

To enable monitoring for this service, you need

  • ActiveGate version 1.197+

  • For Dynatrace SaaS deployments, you need an Environment ActiveGate or a Multi-environment ActiveGate.

For role-based access in SaaS deployment, you need an Environment ActiveGate installed on an Amazon EC2 host.

To update the AWS IAM policy, use the JSON below, containing the monitoring policy (permissions) for all supporting services.

JSON predefined policy for all supporting services

{



"Version": "2012-10-17",



"Statement": [



{



"Sid": "VisualEditor0",



"Effect": "Allow",



"Action": [



"acm-pca:ListCertificateAuthorities",



"apigateway:GET",



"apprunner:ListServices",



"appstream:DescribeFleets",



"appsync:ListGraphqlApis",



"athena:ListWorkGroups",



"autoscaling:DescribeAutoScalingGroups",



"cloudformation:ListStackResources",



"cloudfront:ListDistributions",



"cloudhsm:DescribeClusters",



"cloudsearch:DescribeDomains",



"cloudwatch:GetMetricData",



"cloudwatch:GetMetricStatistics",



"cloudwatch:ListMetrics",



"codebuild:ListProjects",



"datasync:ListTasks",



"dax:DescribeClusters",



"directconnect:DescribeConnections",



"dms:DescribeReplicationInstances",



"dynamodb:ListTables",



"dynamodb:ListTagsOfResource",



"ec2:DescribeAvailabilityZones",



"ec2:DescribeInstances",



"ec2:DescribeNatGateways",



"ec2:DescribeSpotFleetRequests",



"ec2:DescribeTransitGateways",



"ec2:DescribeVolumes",



"ec2:DescribeVpnConnections",



"ecs:ListClusters",



"eks:ListClusters",



"elasticache:DescribeCacheClusters",



"elasticbeanstalk:DescribeEnvironmentResources",



"elasticbeanstalk:DescribeEnvironments",



"elasticfilesystem:DescribeFileSystems",



"elasticloadbalancing:DescribeInstanceHealth",



"elasticloadbalancing:DescribeListeners",



"elasticloadbalancing:DescribeLoadBalancers",



"elasticloadbalancing:DescribeRules",



"elasticloadbalancing:DescribeTags",



"elasticloadbalancing:DescribeTargetHealth",



"elasticmapreduce:ListClusters",



"elastictranscoder:ListPipelines",



"es:ListDomainNames",



"events:ListEventBuses",



"firehose:ListDeliveryStreams",



"fsx:DescribeFileSystems",



"gamelift:ListFleets",



"glue:GetJobs",



"inspector:ListAssessmentTemplates",



"kafka:ListClusters",



"kinesis:ListStreams",



"kinesisanalytics:ListApplications",



"kinesisvideo:ListStreams",



"lambda:ListFunctions",



"lambda:ListTags",



"lex:GetBots",



"logs:DescribeLogGroups",



"mediaconnect:ListFlows",



"mediaconvert:DescribeEndpoints",



"mediapackage-vod:ListPackagingConfigurations",



"mediapackage:ListChannels",



"mediatailor:ListPlaybackConfigurations",



"opsworks:DescribeStacks",



"qldb:ListLedgers",



"rds:DescribeDBClusters",



"rds:DescribeDBInstances",



"rds:DescribeEvents",



"rds:ListTagsForResource",



"redshift:DescribeClusters",



"robomaker:ListSimulationJobs",



"route53:ListHostedZones",



"route53resolver:ListResolverEndpoints",



"s3:ListAllMyBuckets",



"sagemaker:ListEndpoints",



"sns:ListTopics",



"sqs:ListQueues",



"storagegateway:ListGateways",



"sts:GetCallerIdentity",



"swf:ListDomains",



"tag:GetResources",



"tag:GetTagKeys",



"transfer:ListServers",



"workmail:ListOrganizations",



"workspaces:DescribeWorkspaces"



],



"Resource": "*"



}



]



}

If you don't want to add permissions to all services, and just select permissions for certain services, consult the table below. The table contains a set of permissions that are required for All AWS cloud services and, for each supporting service, a list of optional permissions specific to that service.

Permissions required for AWS monitoring integration:

  • "cloudwatch:GetMetricData"
  • "cloudwatch:GetMetricStatistics"
  • "cloudwatch:ListMetrics"
  • "sts:GetCallerIdentity"
  • "tag:GetResources"
  • "tag:GetTagKeys"
  • "ec2:DescribeAvailabilityZones"

Complete list of permissions for cloud services

Name Permissions
All monitored Amazon services Required cloudwatch:GetMetricData, cloudwatch:GetMetricStatistics, cloudwatch:ListMetrics, sts:GetCallerIdentity, tag:GetResources, tag:GetTagKeys, ec2:DescribeAvailabilityZones
AWS Certificate Manager Private Certificate Authority acm-pca:ListCertificateAuthorities
Amazon MQ
Amazon API Gateway apigateway:GET
AWS App Runner apprunner:ListServices
Amazon AppStream appstream:DescribeFleets
AWS AppSync appsync:ListGraphqlApis
Amazon Athena athena:ListWorkGroups
Amazon Aurora rds:DescribeDBClusters
Amazon EC2 Auto Scaling autoscaling:DescribeAutoScalingGroups
Amazon EC2 Auto Scaling (built-in) autoscaling:DescribeAutoScalingGroups
AWS Billing
Amazon Keyspaces
AWS Chatbot
Amazon CloudFront cloudfront:ListDistributions
AWS CloudHSM cloudhsm:DescribeClusters
Amazon CloudSearch cloudsearch:DescribeDomains
AWS CodeBuild codebuild:ListProjects
Amazon Cognito
Amazon Connect
Amazon Elastic Kubernetes Service (EKS) eks:ListClusters
AWS DataSync datasync:ListTasks
Amazon DynamoDB Accelerator (DAX) dax:DescribeClusters
AWS Database Migration Service (AWS DMS) dms:DescribeReplicationInstances
Amazon DocumentDB rds:DescribeDBClusters
AWS Direct Connect directconnect:DescribeConnections
Amazon DynamoDB dynamodb:ListTables
Amazon DynamoDB (built-in) dynamodb:ListTables, dynamodb:ListTagsOfResource
Amazon EBS ec2:DescribeVolumes
Amazon EBS (built-in) ec2:DescribeVolumes
Amazon EC2 API
Amazon EC2 (built-in) ec2:DescribeInstances
Amazon EC2 Spot Fleet ec2:DescribeSpotFleetRequests
Amazon Elastic Container Service (ECS) ecs:ListClusters
Amazon ECS Container Insights ecs:ListClusters
Amazon ElastiCache (EC) elasticache:DescribeCacheClusters
AWS Elastic Beanstalk elasticbeanstalk:DescribeEnvironments
Amazon Elastic File System (EFS) elasticfilesystem:DescribeFileSystems
Amazon Elastic Inference
Amazon Elastic Map Reduce (EMR) elasticmapreduce:ListClusters
Amazon Elasticsearch Service (ES) es:ListDomainNames
Amazon Elastic Transcoder elastictranscoder:ListPipelines
Amazon Elastic Load Balancer (ELB) (built-in) elasticloadbalancing:DescribeInstanceHealth, elasticloadbalancing:DescribeListeners, elasticloadbalancing:DescribeLoadBalancers, elasticloadbalancing:DescribeRules, elasticloadbalancing:DescribeTags, elasticloadbalancing:DescribeTargetHealth
Amazon EventBridge events:ListEventBuses
Amazon FSx fsx:DescribeFileSystems
Amazon GameLift gamelift:ListFleets
AWS Glue glue:GetJobs
Amazon Inspector inspector:ListAssessmentTemplates
AWS Internet of Things (IoT)
AWS IoT Analytics
Amazon Managed Streaming for Kafka kafka:ListClusters
Amazon Kinesis Data Analytics kinesisanalytics:ListApplications
Amazon Data Firehose firehose:ListDeliveryStreams
Amazon Kinesis Data Streams kinesis:ListStreams
Amazon Kinesis Video Streams kinesisvideo:ListStreams
AWS Lambda lambda:ListFunctions
AWS Lambda (built-in) lambda:ListFunctions, lambda:ListTags
Amazon Lex lex:GetBots
Amazon Application and Network Load Balancer (built-in) elasticloadbalancing:DescribeInstanceHealth, elasticloadbalancing:DescribeListeners, elasticloadbalancing:DescribeLoadBalancers, elasticloadbalancing:DescribeRules, elasticloadbalancing:DescribeTags, elasticloadbalancing:DescribeTargetHealth
Amazon CloudWatch Logs logs:DescribeLogGroups
AWS Elemental MediaConnect mediaconnect:ListFlows
AWS Elemental MediaConvert mediaconvert:DescribeEndpoints
AWS Elemental MediaPackage Live mediapackage:ListChannels
AWS Elemental MediaPackage Video on Demand mediapackage-vod:ListPackagingConfigurations
AWS Elemental MediaTailor mediatailor:ListPlaybackConfigurations
Amazon VPC NAT Gateways ec2:DescribeNatGateways
Amazon Neptune rds:DescribeDBClusters
AWS OpsWorks opsworks:DescribeStacks
Amazon Polly
Amazon QLDB qldb:ListLedgers
Amazon RDS rds:DescribeDBInstances
Amazon RDS (built-in) rds:DescribeDBInstances, rds:DescribeEvents, rds:ListTagsForResource
Amazon Redshift redshift:DescribeClusters
Amazon Rekognition
AWS RoboMaker robomaker:ListSimulationJobs
Amazon Route 53 route53:ListHostedZones
Amazon Route 53 Resolver route53resolver:ListResolverEndpoints
Amazon S3 s3:ListAllMyBuckets
Amazon S3 (built-in) s3:ListAllMyBuckets
Amazon SageMaker Batch Transform Jobs
Amazon SageMaker Endpoint Instances sagemaker:ListEndpoints
Amazon SageMaker Endpoints sagemaker:ListEndpoints
Amazon SageMaker Ground Truth
Amazon SageMaker Processing Jobs
Amazon SageMaker Training Jobs
AWS Service Catalog
Amazon Simple Email Service (SES)
Amazon Simple Notification Service (SNS) sns:ListTopics
Amazon Simple Queue Service (SQS) sqs:ListQueues
AWS Systems Manager - Run Command
AWS Step Functions
AWS Storage Gateway storagegateway:ListGateways
Amazon SWF swf:ListDomains
Amazon Textract
AWS IoT Things Graph
AWS Transfer Family transfer:ListServers
AWS Transit Gateway ec2:DescribeTransitGateways
Amazon Translate
AWS Trusted Advisor
AWS API Usage
AWS Site-to-Site VPN ec2:DescribeVpnConnections
AWS WAF Classic
AWS WAF
Amazon WorkMail workmail:ListOrganizations
Amazon WorkSpaces workspaces:DescribeWorkspaces

Example of JSON policy for one single service.

JSON policy for Amazon API Gateway

{



"Version": "2012-10-17",



"Statement": [



{



"Sid": "VisualEditor0",



"Effect": "Allow",



"Action": [



"apigateway:GET",



"cloudwatch:GetMetricData",



"cloudwatch:GetMetricStatistics",



"cloudwatch:ListMetrics",



"sts:GetCallerIdentity",



"tag:GetResources",



"tag:GetTagKeys",



"ec2:DescribeAvailabilityZones"



],



"Resource": "*"



}



]



}

In this example, from the complete list of permissions you need to select

  • "apigateway:GET" for Amazon API Gateway
  • "cloudwatch:GetMetricData", "cloudwatch:GetMetricStatistics", "cloudwatch:ListMetrics", "sts:GetCallerIdentity", "tag:GetResources", "tag:GetTagKeys", and "ec2:DescribeAvailabilityZones" for All AWS cloud services.

AWS endpoints that need to be reachable from ActiveGate with corresponding AWS services

Endpoint Service
autoscaling.<REGION>.amazonaws.com Amazon EC2 Auto Scaling (built-in), Amazon EC2 Auto Scaling
lambda.<REGION>.amazonaws.com AWS Lambda (built-in), AWS Lambda
elasticloadbalancing.<REGION>.amazonaws.com Amazon Application and Network Load Balancer (built-in), Amazon Elastic Load Balancer (ELB) (built-in)
dynamodb.<REGION>.amazonaws.com Amazon DynamoDB (built-in), Amazon DynamoDB
ec2.<REGION>.amazonaws.com Amazon EBS (built-in), Amazon EC2 (built-in), Amazon EBS, Amazon EC2 Spot Fleet, Amazon VPC NAT Gateways, AWS Transit Gateway, AWS Site-to-Site VPN
rds.<REGION>.amazonaws.com Amazon RDS (built-in), Amazon Aurora, Amazon DocumentDB, Amazon Neptune, Amazon RDS
s3.<REGION>.amazonaws.com Amazon S3 (built-in)
acm-pca.<REGION>.amazonaws.com AWS Certificate Manager Private Certificate Authority
apigateway.<REGION>.amazonaws.com Amazon API Gateway
apprunner.<REGION>.amazonaws.com AWS App Runner
appstream2.<REGION>.amazonaws.com Amazon AppStream
appsync.<REGION>.amazonaws.com AWS AppSync
athena.<REGION>.amazonaws.com Amazon Athena
cloudfront.amazonaws.com Amazon CloudFront
cloudhsmv2.<REGION>.amazonaws.com AWS CloudHSM
cloudsearch.<REGION>.amazonaws.com Amazon CloudSearch
codebuild.<REGION>.amazonaws.com AWS CodeBuild
datasync.<REGION>.amazonaws.com AWS DataSync
dax.<REGION>.amazonaws.com Amazon DynamoDB Accelerator (DAX)
dms.<REGION>.amazonaws.com AWS Database Migration Service (AWS DMS)
directconnect.<REGION>.amazonaws.com AWS Direct Connect
ecs.<REGION>.amazonaws.com Amazon Elastic Container Service (ECS), Amazon ECS Container Insights
elasticfilesystem.<REGION>.amazonaws.com Amazon Elastic File System (EFS)
eks.<REGION>.amazonaws.com Amazon Elastic Kubernetes Service (EKS)
elasticache.<REGION>.amazonaws.com Amazon ElastiCache (EC)
elasticbeanstalk.<REGION>.amazonaws.com AWS Elastic Beanstalk
elastictranscoder.<REGION>.amazonaws.com Amazon Elastic Transcoder
es.<REGION>.amazonaws.com Amazon Elasticsearch Service (ES)
events.<REGION>.amazonaws.com Amazon EventBridge
fsx.<REGION>.amazonaws.com Amazon FSx
gamelift.<REGION>.amazonaws.com Amazon GameLift
glue.<REGION>.amazonaws.com AWS Glue
inspector.<REGION>.amazonaws.com Amazon Inspector
kafka.<REGION>.amazonaws.com Amazon Managed Streaming for Kafka
models.lex.<REGION>.amazonaws.com Amazon Lex
logs.<REGION>.amazonaws.com Amazon CloudWatch Logs
api.mediatailor.<REGION>.amazonaws.com AWS Elemental MediaTailor
mediaconnect.<REGION>.amazonaws.com AWS Elemental MediaConnect
mediapackage.<REGION>.amazonaws.com AWS Elemental MediaPackage Live
mediapackage-vod.<REGION>.amazonaws.com AWS Elemental MediaPackage Video on Demand
opsworks.<REGION>.amazonaws.com AWS OpsWorks
qldb.<REGION>.amazonaws.com Amazon QLDB
redshift.<REGION>.amazonaws.com Amazon Redshift
robomaker.<REGION>.amazonaws.com AWS RoboMaker
route53.amazonaws.com Amazon Route 53
route53resolver.<REGION>.amazonaws.com Amazon Route 53 Resolver
api.sagemaker.<REGION>.amazonaws.com Amazon SageMaker Endpoints, Amazon SageMaker Endpoint Instances
sns.<REGION>.amazonaws.com Amazon Simple Notification Service (SNS)
sqs.<REGION>.amazonaws.com Amazon Simple Queue Service (SQS)
storagegateway.<REGION>.amazonaws.com AWS Storage Gateway
swf.<REGION>.amazonaws.com Amazon SWF
transfer.<REGION>.amazonaws.com AWS Transfer Family
workmail.<REGION>.amazonaws.com Amazon WorkMail
workspaces.<REGION>.amazonaws.com Amazon WorkSpaces

Enable monitoring

To learn how to enable service monitoring, see Enable service monitoring.

View service metrics

You can view the service metrics in your Dynatrace environment either on the custom device overview page or on your Dashboards page.

View metrics on the custom device overview page

To access the custom device overview page

  1. Go to Technologies Technologies & Processes Classic.
  2. Filter by service name and select the relevant custom device group.
  3. Once you select the custom device group, you're on the custom device group overview page.
  4. The custom device group overview page lists all instances (custom devices) belonging to the group. Select an instance to view the custom device overview page.

View metrics on your dashboard

After you add the service to monitoring, a preset dashboard containing all recommended metrics is automatically listed on your Dashboards page. To look for specific dashboards, filter by Preset and then by Name.

AWS presets

For existing monitored services, you might need to resave your credentials for the preset dashboard to appear on the Dashboards page. To resave your credentials, go to Settings > Cloud and virtualization > AWS, select the desired AWS instance, and then select Save.

You can't make changes on a preset dashboard directly, but you can clone and edit it. To clone a dashboard, open the browse menu (…) and select Clone.

To remove a dashboard from the dashboards page, you can hide it. To hide a dashboard, open the browse menu (…) and select Hide.

Hiding a dashboard doesn't affect other users.

Clone hide AWS

To check the availability of preset dashboards for each AWS service, see the list below.

Preset dashboard availability list

AWS service Preset dashboard
Amazon EC2 Auto Scaling (built-in) Not applicable
AWS Lambda (built-in) Not applicable
Amazon Application and Network Load Balancer (built-in) Not applicable
Amazon DynamoDB (built-in) Not applicable
Amazon EBS (built-in) Not applicable
Amazon EC2 (built-in) Not applicable
Amazon Elastic Load Balancer (ELB) (built-in) Not applicable
Amazon RDS (built-in) Not applicable
Amazon S3 (built-in) Not applicable
AWS Certificate Manager Private Certificate Authority Not applicable
All monitored Amazon services Not applicable
Amazon API Gateway Not applicable
AWS App Runner Not applicable
Amazon AppStream Applicable
AWS AppSync Applicable
Amazon Athena Applicable
Amazon Aurora Not applicable
Amazon EC2 Auto Scaling Applicable
AWS Billing Applicable
Amazon Keyspaces Applicable
AWS Chatbot Applicable
Amazon CloudFront Not applicable
AWS CloudHSM Applicable
Amazon CloudSearch Applicable
AWS CodeBuild Applicable
Amazon Cognito Not applicable
Amazon Connect Applicable
AWS DataSync Applicable
Amazon DynamoDB Accelerator (DAX) Applicable
AWS Database Migration Service (AWS DMS) Applicable
Amazon DocumentDB Applicable
AWS Direct Connect Applicable
Amazon DynamoDB Not applicable
Amazon EBS Not applicable
Amazon EC2 Spot Fleet Not applicable
Amazon EC2 API Applicable
Amazon Elastic Container Service (ECS) Not applicable
Amazon ECS Container Insights Applicable
Amazon Elastic File System (EFS) Not applicable
Amazon Elastic Kubernetes Service (EKS) Applicable
Amazon ElastiCache (EC) Not applicable
AWS Elastic Beanstalk Applicable
Amazon Elastic Inference Applicable
Amazon Elastic Transcoder Applicable
Amazon Elastic Map Reduce (EMR) Not applicable
Amazon Elasticsearch Service (ES) Not applicable
Amazon EventBridge Applicable
Amazon FSx Applicable
Amazon GameLift Applicable
AWS Glue Not applicable
Amazon Inspector Applicable
AWS Internet of Things (IoT) Not applicable
AWS IoT Things Graph Applicable
AWS IoT Analytics Applicable
Amazon Managed Streaming for Kafka Applicable
Amazon Kinesis Data Analytics Not applicable
Amazon Data Firehose Not applicable
Amazon Kinesis Data Streams Not applicable
Amazon Kinesis Video Streams Not applicable
AWS Lambda Not applicable
Amazon Lex Applicable
Amazon CloudWatch Logs Applicable
AWS Elemental MediaTailor Applicable
AWS Elemental MediaConnect Applicable
AWS Elemental MediaConvert Applicable
AWS Elemental MediaPackage Live Applicable
AWS Elemental MediaPackage Video on Demand Applicable
Amazon MQ Applicable
Amazon VPC NAT Gateways Not applicable
Amazon Neptune Applicable
AWS OpsWorks Applicable
Amazon Polly Applicable
Amazon QLDB Applicable
Amazon RDS Not applicable
Amazon Redshift Not applicable
Amazon Rekognition Applicable
AWS RoboMaker Applicable
Amazon Route 53 Applicable
Amazon Route 53 Resolver Applicable
Amazon S3 Not applicable
Amazon SageMaker Batch Transform Jobs Not applicable
Amazon SageMaker Endpoints Not applicable
Amazon SageMaker Endpoint Instances Not applicable
Amazon SageMaker Ground Truth Not applicable
Amazon SageMaker Processing Jobs Not applicable
Amazon SageMaker Training Jobs Not applicable
AWS Service Catalog Applicable
Amazon Simple Email Service (SES) Not applicable
Amazon Simple Notification Service (SNS) Not applicable
Amazon Simple Queue Service (SQS) Not applicable
AWS Systems Manager - Run Command Applicable
AWS Step Functions Applicable
AWS Storage Gateway Applicable
Amazon SWF Applicable
Amazon Textract Applicable
AWS Transfer Family Applicable
AWS Transit Gateway Applicable
Amazon Translate Applicable
AWS Trusted Advisor Applicable
AWS API Usage Applicable
AWS Site-to-Site VPN Applicable
AWS WAF Classic Applicable
AWS WAF Applicable
Amazon WorkMail Applicable
Amazon WorkSpaces Applicable

Mediatailor dashboard

Available metrics

ConfigurationName is the main dimension.

Name Description Unit Statistics Dimensions Recommended
AdDecisionServer.Ads The count of ads included in ad decision server (ADS) responses for the time period that you specified Count Sum ConfigurationName
AdDecisionServer.Duration The total duration, in milliseconds, of all ads that MediaTailor received from the ADS for the time period that you specified Milliseconds Average ConfigurationName
AdDecisionServer.Errors The number of non-HTTP 200 status code responses, empty responses, and timed-out responses that MediaTailor received from the ADS in the time period that you specified Count Sum ConfigurationName
AdDecisionServer.FillRate The simple average of the rates at which the responses from the ADS filled the corresponding individual ad avails for the time period that you specified Count Average ConfigurationName
AdDecisionServer.Timeouts The number of timed-out requests to the ADS in the time period that you specified Count Sum ConfigurationName
AdNotReady The number of times that the ADS pointed at an ad that wasn't yet transcoded by the internal transcoder service in the time period that you specified Count Sum ConfigurationName
Avail.Duration The total duration, in milliseconds, of all ad avails that MediaTailor encountered in the time period that you specified Milliseconds Average ConfigurationName
Avail.FillRate The simple average of the rates at which MediaTailor filled the individual ad avails for the time period that you specified Count Average ConfigurationName Applicable
Avail.FilledDuration The total duration, in milliseconds, of ad avail time that MediaTailor filled with ads in the time period that you specified Milliseconds Average ConfigurationName Applicable
GetManifest.Errors The number of errors received while MediaTailor was generating manifests in the time period that you specified Count Sum ConfigurationName
Origin.Errors The number of non-HTTP 200 status code responses and timed-out responses that MediaTailor received from the origin server in the time period that you specified Count Sum ConfigurationName
Origin.Timeouts The number of timed-out requests to the origin server in the time period that you specified Count Sum ConfigurationName

Limitations

AdDecisionServer.FillRate and Avail.FillRate should be expressed in percentage, however, AWS reports it as a value from 0 to 1. They are defined for the time being as Count values.


Source: aws-service-eventbridge.md


title: Amazon EventBridge monitoring source: https://www.dynatrace.com/docs/ingest-from/amazon-web-services/integrate-with-aws/aws-all-services/aws-service-eventbridge scraped: 2026-02-17T05:05:17.264473


Amazon EventBridge monitoring

Amazon EventBridge monitoring

  • How-to guide
  • 2-min read
  • Published Jul 21, 2020

Dynatrace ingests metrics for multiple preselected namespaces, including Amazon EventBridge. You can view graphs per service instance, with a set of dimensions, and create custom graphs that you can pin to your dashboards.

Prerequisites

To enable monitoring for this service, you need

  • ActiveGate version 1.197+

  • For Dynatrace SaaS deployments, you need an Environment ActiveGate or a Multi-environment ActiveGate.

For role-based access in SaaS deployment, you need an Environment ActiveGate installed on an Amazon EC2 host.

JSON predefined policy for all supporting services

{



"Version": "2012-10-17",



"Statement": [



{



"Sid": "VisualEditor0",



"Effect": "Allow",



"Action": [



"acm-pca:ListCertificateAuthorities",



"apigateway:GET",



"apprunner:ListServices",



"appstream:DescribeFleets",



"appsync:ListGraphqlApis",



"athena:ListWorkGroups",



"autoscaling:DescribeAutoScalingGroups",



"cloudformation:ListStackResources",



"cloudfront:ListDistributions",



"cloudhsm:DescribeClusters",



"cloudsearch:DescribeDomains",



"cloudwatch:GetMetricData",



"cloudwatch:GetMetricStatistics",



"cloudwatch:ListMetrics",



"codebuild:ListProjects",



"datasync:ListTasks",



"dax:DescribeClusters",



"directconnect:DescribeConnections",



"dms:DescribeReplicationInstances",



"dynamodb:ListTables",



"dynamodb:ListTagsOfResource",



"ec2:DescribeAvailabilityZones",



"ec2:DescribeInstances",



"ec2:DescribeNatGateways",



"ec2:DescribeSpotFleetRequests",



"ec2:DescribeTransitGateways",



"ec2:DescribeVolumes",



"ec2:DescribeVpnConnections",



"ecs:ListClusters",



"eks:ListClusters",



"elasticache:DescribeCacheClusters",



"elasticbeanstalk:DescribeEnvironmentResources",



"elasticbeanstalk:DescribeEnvironments",



"elasticfilesystem:DescribeFileSystems",



"elasticloadbalancing:DescribeInstanceHealth",



"elasticloadbalancing:DescribeListeners",



"elasticloadbalancing:DescribeLoadBalancers",



"elasticloadbalancing:DescribeRules",



"elasticloadbalancing:DescribeTags",



"elasticloadbalancing:DescribeTargetHealth",



"elasticmapreduce:ListClusters",



"elastictranscoder:ListPipelines",



"es:ListDomainNames",



"events:ListEventBuses",



"firehose:ListDeliveryStreams",



"fsx:DescribeFileSystems",



"gamelift:ListFleets",



"glue:GetJobs",



"inspector:ListAssessmentTemplates",



"kafka:ListClusters",



"kinesis:ListStreams",



"kinesisanalytics:ListApplications",



"kinesisvideo:ListStreams",



"lambda:ListFunctions",



"lambda:ListTags",



"lex:GetBots",



"logs:DescribeLogGroups",



"mediaconnect:ListFlows",



"mediaconvert:DescribeEndpoints",



"mediapackage-vod:ListPackagingConfigurations",



"mediapackage:ListChannels",



"mediatailor:ListPlaybackConfigurations",



"opsworks:DescribeStacks",



"qldb:ListLedgers",



"rds:DescribeDBClusters",



"rds:DescribeDBInstances",



"rds:DescribeEvents",



"rds:ListTagsForResource",



"redshift:DescribeClusters",



"robomaker:ListSimulationJobs",



"route53:ListHostedZones",



"route53resolver:ListResolverEndpoints",



"s3:ListAllMyBuckets",



"sagemaker:ListEndpoints",



"sns:ListTopics",



"sqs:ListQueues",



"storagegateway:ListGateways",



"sts:GetCallerIdentity",



"swf:ListDomains",



"tag:GetResources",



"tag:GetTagKeys",



"transfer:ListServers",



"workmail:ListOrganizations",



"workspaces:DescribeWorkspaces"



],



"Resource": "*"



}



]



}

If you don't want to add permissions to all services, and just select permissions for certain services, consult the table below. The table contains a set of permissions that are required for All AWS cloud services and, for each supporting service, a list of optional permissions specific to that service.

Permissions required for AWS monitoring integration:

  • "cloudwatch:GetMetricData"
  • "cloudwatch:GetMetricStatistics"
  • "cloudwatch:ListMetrics"
  • "sts:GetCallerIdentity"
  • "tag:GetResources"
  • "tag:GetTagKeys"
  • "ec2:DescribeAvailabilityZones"

Complete list of permissions for cloud services

Name Permissions
All monitored Amazon services Required cloudwatch:GetMetricData, cloudwatch:GetMetricStatistics, cloudwatch:ListMetrics, sts:GetCallerIdentity, tag:GetResources, tag:GetTagKeys, ec2:DescribeAvailabilityZones
AWS Certificate Manager Private Certificate Authority acm-pca:ListCertificateAuthorities
Amazon MQ
Amazon API Gateway apigateway:GET
AWS App Runner apprunner:ListServices
Amazon AppStream appstream:DescribeFleets
AWS AppSync appsync:ListGraphqlApis
Amazon Athena athena:ListWorkGroups
Amazon Aurora rds:DescribeDBClusters
Amazon EC2 Auto Scaling autoscaling:DescribeAutoScalingGroups
Amazon EC2 Auto Scaling (built-in) autoscaling:DescribeAutoScalingGroups
AWS Billing
Amazon Keyspaces
AWS Chatbot
Amazon CloudFront cloudfront:ListDistributions
AWS CloudHSM cloudhsm:DescribeClusters
Amazon CloudSearch cloudsearch:DescribeDomains
AWS CodeBuild codebuild:ListProjects
Amazon Cognito
Amazon Connect
Amazon Elastic Kubernetes Service (EKS) eks:ListClusters
AWS DataSync datasync:ListTasks
Amazon DynamoDB Accelerator (DAX) dax:DescribeClusters
AWS Database Migration Service (AWS DMS) dms:DescribeReplicationInstances
Amazon DocumentDB rds:DescribeDBClusters
AWS Direct Connect directconnect:DescribeConnections
Amazon DynamoDB dynamodb:ListTables
Amazon DynamoDB (built-in) dynamodb:ListTables, dynamodb:ListTagsOfResource
Amazon EBS ec2:DescribeVolumes
Amazon EBS (built-in) ec2:DescribeVolumes
Amazon EC2 API
Amazon EC2 (built-in) ec2:DescribeInstances
Amazon EC2 Spot Fleet ec2:DescribeSpotFleetRequests
Amazon Elastic Container Service (ECS) ecs:ListClusters
Amazon ECS Container Insights ecs:ListClusters
Amazon ElastiCache (EC) elasticache:DescribeCacheClusters
AWS Elastic Beanstalk elasticbeanstalk:DescribeEnvironments
Amazon Elastic File System (EFS) elasticfilesystem:DescribeFileSystems
Amazon Elastic Inference
Amazon Elastic Map Reduce (EMR) elasticmapreduce:ListClusters
Amazon Elasticsearch Service (ES) es:ListDomainNames
Amazon Elastic Transcoder elastictranscoder:ListPipelines
Amazon Elastic Load Balancer (ELB) (built-in) elasticloadbalancing:DescribeInstanceHealth, elasticloadbalancing:DescribeListeners, elasticloadbalancing:DescribeLoadBalancers, elasticloadbalancing:DescribeRules, elasticloadbalancing:DescribeTags, elasticloadbalancing:DescribeTargetHealth
Amazon EventBridge events:ListEventBuses
Amazon FSx fsx:DescribeFileSystems
Amazon GameLift gamelift:ListFleets
AWS Glue glue:GetJobs
Amazon Inspector inspector:ListAssessmentTemplates
AWS Internet of Things (IoT)
AWS IoT Analytics
Amazon Managed Streaming for Kafka kafka:ListClusters
Amazon Kinesis Data Analytics kinesisanalytics:ListApplications
Amazon Data Firehose firehose:ListDeliveryStreams
Amazon Kinesis Data Streams kinesis:ListStreams
Amazon Kinesis Video Streams kinesisvideo:ListStreams
AWS Lambda lambda:ListFunctions
AWS Lambda (built-in) lambda:ListFunctions, lambda:ListTags
Amazon Lex lex:GetBots
Amazon Application and Network Load Balancer (built-in) elasticloadbalancing:DescribeInstanceHealth, elasticloadbalancing:DescribeListeners, elasticloadbalancing:DescribeLoadBalancers, elasticloadbalancing:DescribeRules, elasticloadbalancing:DescribeTags, elasticloadbalancing:DescribeTargetHealth
Amazon CloudWatch Logs logs:DescribeLogGroups
AWS Elemental MediaConnect mediaconnect:ListFlows
AWS Elemental MediaConvert mediaconvert:DescribeEndpoints
AWS Elemental MediaPackage Live mediapackage:ListChannels
AWS Elemental MediaPackage Video on Demand mediapackage-vod:ListPackagingConfigurations
AWS Elemental MediaTailor mediatailor:ListPlaybackConfigurations
Amazon VPC NAT Gateways ec2:DescribeNatGateways
Amazon Neptune rds:DescribeDBClusters
AWS OpsWorks opsworks:DescribeStacks
Amazon Polly
Amazon QLDB qldb:ListLedgers
Amazon RDS rds:DescribeDBInstances
Amazon RDS (built-in) rds:DescribeDBInstances, rds:DescribeEvents, rds:ListTagsForResource
Amazon Redshift redshift:DescribeClusters
Amazon Rekognition
AWS RoboMaker robomaker:ListSimulationJobs
Amazon Route 53 route53:ListHostedZones
Amazon Route 53 Resolver route53resolver:ListResolverEndpoints
Amazon S3 s3:ListAllMyBuckets
Amazon S3 (built-in) s3:ListAllMyBuckets
Amazon SageMaker Batch Transform Jobs
Amazon SageMaker Endpoint Instances sagemaker:ListEndpoints
Amazon SageMaker Endpoints sagemaker:ListEndpoints
Amazon SageMaker Ground Truth
Amazon SageMaker Processing Jobs
Amazon SageMaker Training Jobs
AWS Service Catalog
Amazon Simple Email Service (SES)
Amazon Simple Notification Service (SNS) sns:ListTopics
Amazon Simple Queue Service (SQS) sqs:ListQueues
AWS Systems Manager - Run Command
AWS Step Functions
AWS Storage Gateway storagegateway:ListGateways
Amazon SWF swf:ListDomains
Amazon Textract
AWS IoT Things Graph
AWS Transfer Family transfer:ListServers
AWS Transit Gateway ec2:DescribeTransitGateways
Amazon Translate
AWS Trusted Advisor
AWS API Usage
AWS Site-to-Site VPN ec2:DescribeVpnConnections
AWS WAF Classic
AWS WAF
Amazon WorkMail workmail:ListOrganizations
Amazon WorkSpaces workspaces:DescribeWorkspaces

Example of JSON policy for one single service.

JSON policy for Amazon API Gateway

{



"Version": "2012-10-17",



"Statement": [



{



"Sid": "VisualEditor0",



"Effect": "Allow",



"Action": [



"apigateway:GET",



"cloudwatch:GetMetricData",



"cloudwatch:GetMetricStatistics",



"cloudwatch:ListMetrics",



"sts:GetCallerIdentity",



"tag:GetResources",



"tag:GetTagKeys",



"ec2:DescribeAvailabilityZones"



],



"Resource": "*"



}



]



}

In this example, from the complete list of permissions you need to select

  • "apigateway:GET" for Amazon API Gateway
  • "cloudwatch:GetMetricData", "cloudwatch:GetMetricStatistics", "cloudwatch:ListMetrics", "sts:GetCallerIdentity", "tag:GetResources", "tag:GetTagKeys", and "ec2:DescribeAvailabilityZones" for All AWS cloud services.

AWS endpoints that need to be reachable from ActiveGate with corresponding AWS services

Endpoint Service
autoscaling.<REGION>.amazonaws.com Amazon EC2 Auto Scaling (built-in), Amazon EC2 Auto Scaling
lambda.<REGION>.amazonaws.com AWS Lambda (built-in), AWS Lambda
elasticloadbalancing.<REGION>.amazonaws.com Amazon Application and Network Load Balancer (built-in), Amazon Elastic Load Balancer (ELB) (built-in)
dynamodb.<REGION>.amazonaws.com Amazon DynamoDB (built-in), Amazon DynamoDB
ec2.<REGION>.amazonaws.com Amazon EBS (built-in), Amazon EC2 (built-in), Amazon EBS, Amazon EC2 Spot Fleet, Amazon VPC NAT Gateways, AWS Transit Gateway, AWS Site-to-Site VPN
rds.<REGION>.amazonaws.com Amazon RDS (built-in), Amazon Aurora, Amazon DocumentDB, Amazon Neptune, Amazon RDS
s3.<REGION>.amazonaws.com Amazon S3 (built-in)
acm-pca.<REGION>.amazonaws.com AWS Certificate Manager Private Certificate Authority
apigateway.<REGION>.amazonaws.com Amazon API Gateway
apprunner.<REGION>.amazonaws.com AWS App Runner
appstream2.<REGION>.amazonaws.com Amazon AppStream
appsync.<REGION>.amazonaws.com AWS AppSync
athena.<REGION>.amazonaws.com Amazon Athena
cloudfront.amazonaws.com Amazon CloudFront
cloudhsmv2.<REGION>.amazonaws.com AWS CloudHSM
cloudsearch.<REGION>.amazonaws.com Amazon CloudSearch
codebuild.<REGION>.amazonaws.com AWS CodeBuild
datasync.<REGION>.amazonaws.com AWS DataSync
dax.<REGION>.amazonaws.com Amazon DynamoDB Accelerator (DAX)
dms.<REGION>.amazonaws.com AWS Database Migration Service (AWS DMS)
directconnect.<REGION>.amazonaws.com AWS Direct Connect
ecs.<REGION>.amazonaws.com Amazon Elastic Container Service (ECS), Amazon ECS Container Insights
elasticfilesystem.<REGION>.amazonaws.com Amazon Elastic File System (EFS)
eks.<REGION>.amazonaws.com Amazon Elastic Kubernetes Service (EKS)
elasticache.<REGION>.amazonaws.com Amazon ElastiCache (EC)
elasticbeanstalk.<REGION>.amazonaws.com AWS Elastic Beanstalk
elastictranscoder.<REGION>.amazonaws.com Amazon Elastic Transcoder
es.<REGION>.amazonaws.com Amazon Elasticsearch Service (ES)
events.<REGION>.amazonaws.com Amazon EventBridge
fsx.<REGION>.amazonaws.com Amazon FSx
gamelift.<REGION>.amazonaws.com Amazon GameLift
glue.<REGION>.amazonaws.com AWS Glue
inspector.<REGION>.amazonaws.com Amazon Inspector
kafka.<REGION>.amazonaws.com Amazon Managed Streaming for Kafka
models.lex.<REGION>.amazonaws.com Amazon Lex
logs.<REGION>.amazonaws.com Amazon CloudWatch Logs
api.mediatailor.<REGION>.amazonaws.com AWS Elemental MediaTailor
mediaconnect.<REGION>.amazonaws.com AWS Elemental MediaConnect
mediapackage.<REGION>.amazonaws.com AWS Elemental MediaPackage Live
mediapackage-vod.<REGION>.amazonaws.com AWS Elemental MediaPackage Video on Demand
opsworks.<REGION>.amazonaws.com AWS OpsWorks
qldb.<REGION>.amazonaws.com Amazon QLDB
redshift.<REGION>.amazonaws.com Amazon Redshift
robomaker.<REGION>.amazonaws.com AWS RoboMaker
route53.amazonaws.com Amazon Route 53
route53resolver.<REGION>.amazonaws.com Amazon Route 53 Resolver
api.sagemaker.<REGION>.amazonaws.com Amazon SageMaker Endpoints, Amazon SageMaker Endpoint Instances
sns.<REGION>.amazonaws.com Amazon Simple Notification Service (SNS)
sqs.<REGION>.amazonaws.com Amazon Simple Queue Service (SQS)
storagegateway.<REGION>.amazonaws.com AWS Storage Gateway
swf.<REGION>.amazonaws.com Amazon SWF
transfer.<REGION>.amazonaws.com AWS Transfer Family
workmail.<REGION>.amazonaws.com Amazon WorkMail
workspaces.<REGION>.amazonaws.com Amazon WorkSpaces

Enable monitoring

To learn how to enable service monitoring, see Enable service monitoring.

View service metrics

You can view the service metrics in your Dynatrace environment either on the custom device overview page or on your Dashboards page.

View metrics on the custom device overview page

To access the custom device overview page

  1. Go to Technologies Technologies & Processes Classic.
  2. Filter by service name and select the relevant custom device group.
  3. Once you select the custom device group, you're on the custom device group overview page.
  4. The custom device group overview page lists all instances (custom devices) belonging to the group. Select an instance to view the custom device overview page.

The Amazon EventBridge service is made up of one or multiple event buses. There is a default event bus, with service-wide metrics, and you can optionally create additional event buses called custom event buses.
The default event bus metrics can be viewed in the Further details section of the custom device group overview page. If you create additional event buses, the custom event bus metrics will show up in the Further details section of the custom device overview page.

View metrics on your dashboard

After you add the service to monitoring, a preset dashboard containing all recommended metrics is automatically listed on your Dashboards page. To look for specific dashboards, filter by Preset and then by Name.

AWS presets

For existing monitored services, you might need to resave your credentials for the preset dashboard to appear on the Dashboards page. To resave your credentials, go to Settings > Cloud and virtualization > AWS, select the desired AWS instance, and then select Save.

You can't make changes on a preset dashboard directly, but you can clone and edit it. To clone a dashboard, open the browse menu (…) and select Clone.

To remove a dashboard from the dashboards page, you can hide it. To hide a dashboard, open the browse menu (…) and select Hide.

Hiding a dashboard doesn't affect other users.

Clone hide AWS

To check the availability of preset dashboards for each AWS service, see the list below.

Preset dashboard availability list

AWS service Preset dashboard
Amazon EC2 Auto Scaling (built-in) Not applicable
AWS Lambda (built-in) Not applicable
Amazon Application and Network Load Balancer (built-in) Not applicable
Amazon DynamoDB (built-in) Not applicable
Amazon EBS (built-in) Not applicable
Amazon EC2 (built-in) Not applicable
Amazon Elastic Load Balancer (ELB) (built-in) Not applicable
Amazon RDS (built-in) Not applicable
Amazon S3 (built-in) Not applicable
AWS Certificate Manager Private Certificate Authority Not applicable
All monitored Amazon services Not applicable
Amazon API Gateway Not applicable
AWS App Runner Not applicable
Amazon AppStream Applicable
AWS AppSync Applicable
Amazon Athena Applicable
Amazon Aurora Not applicable
Amazon EC2 Auto Scaling Applicable
AWS Billing Applicable
Amazon Keyspaces Applicable
AWS Chatbot Applicable
Amazon CloudFront Not applicable
AWS CloudHSM Applicable
Amazon CloudSearch Applicable
AWS CodeBuild Applicable
Amazon Cognito Not applicable
Amazon Connect Applicable
AWS DataSync Applicable
Amazon DynamoDB Accelerator (DAX) Applicable
AWS Database Migration Service (AWS DMS) Applicable
Amazon DocumentDB Applicable
AWS Direct Connect Applicable
Amazon DynamoDB Not applicable
Amazon EBS Not applicable
Amazon EC2 Spot Fleet Not applicable
Amazon EC2 API Applicable
Amazon Elastic Container Service (ECS) Not applicable
Amazon ECS Container Insights Applicable
Amazon Elastic File System (EFS) Not applicable
Amazon Elastic Kubernetes Service (EKS) Applicable
Amazon ElastiCache (EC) Not applicable
AWS Elastic Beanstalk Applicable
Amazon Elastic Inference Applicable
Amazon Elastic Transcoder Applicable
Amazon Elastic Map Reduce (EMR) Not applicable
Amazon Elasticsearch Service (ES) Not applicable
Amazon EventBridge Applicable
Amazon FSx Applicable
Amazon GameLift Applicable
AWS Glue Not applicable
Amazon Inspector Applicable
AWS Internet of Things (IoT) Not applicable
AWS IoT Things Graph Applicable
AWS IoT Analytics Applicable
Amazon Managed Streaming for Kafka Applicable
Amazon Kinesis Data Analytics Not applicable
Amazon Data Firehose Not applicable
Amazon Kinesis Data Streams Not applicable
Amazon Kinesis Video Streams Not applicable
AWS Lambda Not applicable
Amazon Lex Applicable
Amazon CloudWatch Logs Applicable
AWS Elemental MediaTailor Applicable
AWS Elemental MediaConnect Applicable
AWS Elemental MediaConvert Applicable
AWS Elemental MediaPackage Live Applicable
AWS Elemental MediaPackage Video on Demand Applicable
Amazon MQ Applicable
Amazon VPC NAT Gateways Not applicable
Amazon Neptune Applicable
AWS OpsWorks Applicable
Amazon Polly Applicable
Amazon QLDB Applicable
Amazon RDS Not applicable
Amazon Redshift Not applicable
Amazon Rekognition Applicable
AWS RoboMaker Applicable
Amazon Route 53 Applicable
Amazon Route 53 Resolver Applicable
Amazon S3 Not applicable
Amazon SageMaker Batch Transform Jobs Not applicable
Amazon SageMaker Endpoints Not applicable
Amazon SageMaker Endpoint Instances Not applicable
Amazon SageMaker Ground Truth Not applicable
Amazon SageMaker Processing Jobs Not applicable
Amazon SageMaker Training Jobs Not applicable
AWS Service Catalog Applicable
Amazon Simple Email Service (SES) Not applicable
Amazon Simple Notification Service (SNS) Not applicable
Amazon Simple Queue Service (SQS) Not applicable
AWS Systems Manager - Run Command Applicable
AWS Step Functions Applicable
AWS Storage Gateway Applicable
Amazon SWF Applicable
Amazon Textract Applicable
AWS Transfer Family Applicable
AWS Transit Gateway Applicable
Amazon Translate Applicable
AWS Trusted Advisor Applicable
AWS API Usage Applicable
AWS Site-to-Site VPN Applicable
AWS WAF Classic Applicable
AWS WAF Applicable
Amazon WorkMail Applicable
Amazon WorkSpaces Applicable

Event dash

Available metrics

EventBusName is the main dimension.

Name Description Unit Statistics Dimensions Recommended
DeadLetterInvocations The number of times a rule’s target is not invoked in response to an event Count Sum EventBusName, RuleName Applicable
DeadLetterInvocations Count Sum Region, RuleName Applicable
DeadLetterInvocations Count Sum Region Applicable
FailedInvocations The number of invocations that failed permanently Count Sum EventBusName, RuleName Applicable
FailedInvocations Count Sum Region, RuleName Applicable
FailedInvocations Count Sum Region Applicable
Invocations The number of times a target is invoked for a rule in response to an event Count Sum EventBusName, RuleName Applicable
Invocations Count Sum Region, RuleName Applicable
Invocations Count Sum Region Applicable
MatchedEvents The number of events that matched with any rule Count Sum Region Applicable
ThrottledRules The number of triggered rules that are being throttled Count Sum EventBusName, RuleName Applicable
ThrottledRules Count Sum Region, RuleName Applicable
ThrottledRules Count Sum Region Applicable
TriggeredRules The number of triggered rules that matched with any event Count Sum EventBusName, RuleName Applicable
TriggeredRules Count Sum Region, RuleName Applicable
TriggeredRules Count Sum Region Applicable

Limitations

Amazon EventBridge sends Invocations metrics to CloudWatch only if it has a non-zero value. For more information, see AWS documentation.


Source: aws-service-fsx.md


title: Amazon FSx monitoring source: https://www.dynatrace.com/docs/ingest-from/amazon-web-services/integrate-with-aws/aws-all-services/aws-service-fsx scraped: 2026-02-16T09:37:53.531655


Amazon FSx monitoring

Amazon FSx monitoring

  • How-to guide
  • 1-min read
  • Published Jul 06, 2020

Dynatrace ingests metrics for multiple preselected namespaces, including Amazon FSx. You can view metrics for each service instance, split metrics into multiple dimensions, and create custom charts that you can pin to your dashboards.

Prerequisites

To enable monitoring for this service, you need

  • ActiveGate version 1.197+

  • For Dynatrace SaaS deployments, you need an Environment ActiveGate or a Multi-environment ActiveGate.

For role-based access in SaaS deployment, you need an Environment ActiveGate installed on an Amazon EC2 host.

To update the AWS IAM policy, use the JSON below, containing the monitoring policy (permissions) for all supporting services.

JSON predefined policy for all supporting services

{



"Version": "2012-10-17",



"Statement": [



{



"Sid": "VisualEditor0",



"Effect": "Allow",



"Action": [



"acm-pca:ListCertificateAuthorities",



"apigateway:GET",



"apprunner:ListServices",



"appstream:DescribeFleets",



"appsync:ListGraphqlApis",



"athena:ListWorkGroups",



"autoscaling:DescribeAutoScalingGroups",



"cloudformation:ListStackResources",



"cloudfront:ListDistributions",



"cloudhsm:DescribeClusters",



"cloudsearch:DescribeDomains",



"cloudwatch:GetMetricData",



"cloudwatch:GetMetricStatistics",



"cloudwatch:ListMetrics",



"codebuild:ListProjects",



"datasync:ListTasks",



"dax:DescribeClusters",



"directconnect:DescribeConnections",



"dms:DescribeReplicationInstances",



"dynamodb:ListTables",



"dynamodb:ListTagsOfResource",



"ec2:DescribeAvailabilityZones",



"ec2:DescribeInstances",



"ec2:DescribeNatGateways",



"ec2:DescribeSpotFleetRequests",



"ec2:DescribeTransitGateways",



"ec2:DescribeVolumes",



"ec2:DescribeVpnConnections",



"ecs:ListClusters",



"eks:ListClusters",



"elasticache:DescribeCacheClusters",



"elasticbeanstalk:DescribeEnvironmentResources",



"elasticbeanstalk:DescribeEnvironments",



"elasticfilesystem:DescribeFileSystems",



"elasticloadbalancing:DescribeInstanceHealth",



"elasticloadbalancing:DescribeListeners",



"elasticloadbalancing:DescribeLoadBalancers",



"elasticloadbalancing:DescribeRules",



"elasticloadbalancing:DescribeTags",



"elasticloadbalancing:DescribeTargetHealth",



"elasticmapreduce:ListClusters",



"elastictranscoder:ListPipelines",



"es:ListDomainNames",



"events:ListEventBuses",



"firehose:ListDeliveryStreams",



"fsx:DescribeFileSystems",



"gamelift:ListFleets",



"glue:GetJobs",



"inspector:ListAssessmentTemplates",



"kafka:ListClusters",



"kinesis:ListStreams",



"kinesisanalytics:ListApplications",



"kinesisvideo:ListStreams",



"lambda:ListFunctions",



"lambda:ListTags",



"lex:GetBots",



"logs:DescribeLogGroups",



"mediaconnect:ListFlows",



"mediaconvert:DescribeEndpoints",



"mediapackage-vod:ListPackagingConfigurations",



"mediapackage:ListChannels",



"mediatailor:ListPlaybackConfigurations",



"opsworks:DescribeStacks",



"qldb:ListLedgers",



"rds:DescribeDBClusters",



"rds:DescribeDBInstances",



"rds:DescribeEvents",



"rds:ListTagsForResource",



"redshift:DescribeClusters",



"robomaker:ListSimulationJobs",



"route53:ListHostedZones",



"route53resolver:ListResolverEndpoints",



"s3:ListAllMyBuckets",



"sagemaker:ListEndpoints",



"sns:ListTopics",



"sqs:ListQueues",



"storagegateway:ListGateways",



"sts:GetCallerIdentity",



"swf:ListDomains",



"tag:GetResources",



"tag:GetTagKeys",



"transfer:ListServers",



"workmail:ListOrganizations",



"workspaces:DescribeWorkspaces"



],



"Resource": "*"



}



]



}

If you don't want to add permissions to all services, and just select permissions for certain services, consult the table below. The table contains a set of permissions that are required for All AWS cloud services and, for each supporting service, a list of optional permissions specific to that service.

Permissions required for AWS monitoring integration:

  • "cloudwatch:GetMetricData"
  • "cloudwatch:GetMetricStatistics"
  • "cloudwatch:ListMetrics"
  • "sts:GetCallerIdentity"
  • "tag:GetResources"
  • "tag:GetTagKeys"
  • "ec2:DescribeAvailabilityZones"

Complete list of permissions for cloud services

Name Permissions
All monitored Amazon services Required cloudwatch:GetMetricData, cloudwatch:GetMetricStatistics, cloudwatch:ListMetrics, sts:GetCallerIdentity, tag:GetResources, tag:GetTagKeys, ec2:DescribeAvailabilityZones
AWS Certificate Manager Private Certificate Authority acm-pca:ListCertificateAuthorities
Amazon MQ
Amazon API Gateway apigateway:GET
AWS App Runner apprunner:ListServices
Amazon AppStream appstream:DescribeFleets
AWS AppSync appsync:ListGraphqlApis
Amazon Athena athena:ListWorkGroups
Amazon Aurora rds:DescribeDBClusters
Amazon EC2 Auto Scaling autoscaling:DescribeAutoScalingGroups
Amazon EC2 Auto Scaling (built-in) autoscaling:DescribeAutoScalingGroups
AWS Billing
Amazon Keyspaces
AWS Chatbot
Amazon CloudFront cloudfront:ListDistributions
AWS CloudHSM cloudhsm:DescribeClusters
Amazon CloudSearch cloudsearch:DescribeDomains
AWS CodeBuild codebuild:ListProjects
Amazon Cognito
Amazon Connect
Amazon Elastic Kubernetes Service (EKS) eks:ListClusters
AWS DataSync datasync:ListTasks
Amazon DynamoDB Accelerator (DAX) dax:DescribeClusters
AWS Database Migration Service (AWS DMS) dms:DescribeReplicationInstances
Amazon DocumentDB rds:DescribeDBClusters
AWS Direct Connect directconnect:DescribeConnections
Amazon DynamoDB dynamodb:ListTables
Amazon DynamoDB (built-in) dynamodb:ListTables, dynamodb:ListTagsOfResource
Amazon EBS ec2:DescribeVolumes
Amazon EBS (built-in) ec2:DescribeVolumes
Amazon EC2 API
Amazon EC2 (built-in) ec2:DescribeInstances
Amazon EC2 Spot Fleet ec2:DescribeSpotFleetRequests
Amazon Elastic Container Service (ECS) ecs:ListClusters
Amazon ECS Container Insights ecs:ListClusters
Amazon ElastiCache (EC) elasticache:DescribeCacheClusters
AWS Elastic Beanstalk elasticbeanstalk:DescribeEnvironments
Amazon Elastic File System (EFS) elasticfilesystem:DescribeFileSystems
Amazon Elastic Inference
Amazon Elastic Map Reduce (EMR) elasticmapreduce:ListClusters
Amazon Elasticsearch Service (ES) es:ListDomainNames
Amazon Elastic Transcoder elastictranscoder:ListPipelines
Amazon Elastic Load Balancer (ELB) (built-in) elasticloadbalancing:DescribeInstanceHealth, elasticloadbalancing:DescribeListeners, elasticloadbalancing:DescribeLoadBalancers, elasticloadbalancing:DescribeRules, elasticloadbalancing:DescribeTags, elasticloadbalancing:DescribeTargetHealth
Amazon EventBridge events:ListEventBuses
Amazon FSx fsx:DescribeFileSystems
Amazon GameLift gamelift:ListFleets
AWS Glue glue:GetJobs
Amazon Inspector inspector:ListAssessmentTemplates
AWS Internet of Things (IoT)
AWS IoT Analytics
Amazon Managed Streaming for Kafka kafka:ListClusters
Amazon Kinesis Data Analytics kinesisanalytics:ListApplications
Amazon Data Firehose firehose:ListDeliveryStreams
Amazon Kinesis Data Streams kinesis:ListStreams
Amazon Kinesis Video Streams kinesisvideo:ListStreams
AWS Lambda lambda:ListFunctions
AWS Lambda (built-in) lambda:ListFunctions, lambda:ListTags
Amazon Lex lex:GetBots
Amazon Application and Network Load Balancer (built-in) elasticloadbalancing:DescribeInstanceHealth, elasticloadbalancing:DescribeListeners, elasticloadbalancing:DescribeLoadBalancers, elasticloadbalancing:DescribeRules, elasticloadbalancing:DescribeTags, elasticloadbalancing:DescribeTargetHealth
Amazon CloudWatch Logs logs:DescribeLogGroups
AWS Elemental MediaConnect mediaconnect:ListFlows
AWS Elemental MediaConvert mediaconvert:DescribeEndpoints
AWS Elemental MediaPackage Live mediapackage:ListChannels
AWS Elemental MediaPackage Video on Demand mediapackage-vod:ListPackagingConfigurations
AWS Elemental MediaTailor mediatailor:ListPlaybackConfigurations
Amazon VPC NAT Gateways ec2:DescribeNatGateways
Amazon Neptune rds:DescribeDBClusters
AWS OpsWorks opsworks:DescribeStacks
Amazon Polly
Amazon QLDB qldb:ListLedgers
Amazon RDS rds:DescribeDBInstances
Amazon RDS (built-in) rds:DescribeDBInstances, rds:DescribeEvents, rds:ListTagsForResource
Amazon Redshift redshift:DescribeClusters
Amazon Rekognition
AWS RoboMaker robomaker:ListSimulationJobs
Amazon Route 53 route53:ListHostedZones
Amazon Route 53 Resolver route53resolver:ListResolverEndpoints
Amazon S3 s3:ListAllMyBuckets
Amazon S3 (built-in) s3:ListAllMyBuckets
Amazon SageMaker Batch Transform Jobs
Amazon SageMaker Endpoint Instances sagemaker:ListEndpoints
Amazon SageMaker Endpoints sagemaker:ListEndpoints
Amazon SageMaker Ground Truth
Amazon SageMaker Processing Jobs
Amazon SageMaker Training Jobs
AWS Service Catalog
Amazon Simple Email Service (SES)
Amazon Simple Notification Service (SNS) sns:ListTopics
Amazon Simple Queue Service (SQS) sqs:ListQueues
AWS Systems Manager - Run Command
AWS Step Functions
AWS Storage Gateway storagegateway:ListGateways
Amazon SWF swf:ListDomains
Amazon Textract
AWS IoT Things Graph
AWS Transfer Family transfer:ListServers
AWS Transit Gateway ec2:DescribeTransitGateways
Amazon Translate
AWS Trusted Advisor
AWS API Usage
AWS Site-to-Site VPN ec2:DescribeVpnConnections
AWS WAF Classic
AWS WAF
Amazon WorkMail workmail:ListOrganizations
Amazon WorkSpaces workspaces:DescribeWorkspaces

Example of JSON policy for one single service.

JSON policy for Amazon API Gateway

{



"Version": "2012-10-17",



"Statement": [



{



"Sid": "VisualEditor0",



"Effect": "Allow",



"Action": [



"apigateway:GET",



"cloudwatch:GetMetricData",



"cloudwatch:GetMetricStatistics",



"cloudwatch:ListMetrics",



"sts:GetCallerIdentity",



"tag:GetResources",



"tag:GetTagKeys",



"ec2:DescribeAvailabilityZones"



],



"Resource": "*"



}



]



}

In this example, from the complete list of permissions you need to select

  • "apigateway:GET" for Amazon API Gateway
  • "cloudwatch:GetMetricData", "cloudwatch:GetMetricStatistics", "cloudwatch:ListMetrics", "sts:GetCallerIdentity", "tag:GetResources", "tag:GetTagKeys", and "ec2:DescribeAvailabilityZones" for All AWS cloud services.

AWS endpoints that need to be reachable from ActiveGate with corresponding AWS services

Endpoint Service
autoscaling.<REGION>.amazonaws.com Amazon EC2 Auto Scaling (built-in), Amazon EC2 Auto Scaling
lambda.<REGION>.amazonaws.com AWS Lambda (built-in), AWS Lambda
elasticloadbalancing.<REGION>.amazonaws.com Amazon Application and Network Load Balancer (built-in), Amazon Elastic Load Balancer (ELB) (built-in)
dynamodb.<REGION>.amazonaws.com Amazon DynamoDB (built-in), Amazon DynamoDB
ec2.<REGION>.amazonaws.com Amazon EBS (built-in), Amazon EC2 (built-in), Amazon EBS, Amazon EC2 Spot Fleet, Amazon VPC NAT Gateways, AWS Transit Gateway, AWS Site-to-Site VPN
rds.<REGION>.amazonaws.com Amazon RDS (built-in), Amazon Aurora, Amazon DocumentDB, Amazon Neptune, Amazon RDS
s3.<REGION>.amazonaws.com Amazon S3 (built-in)
acm-pca.<REGION>.amazonaws.com AWS Certificate Manager Private Certificate Authority
apigateway.<REGION>.amazonaws.com Amazon API Gateway
apprunner.<REGION>.amazonaws.com AWS App Runner
appstream2.<REGION>.amazonaws.com Amazon AppStream
appsync.<REGION>.amazonaws.com AWS AppSync
athena.<REGION>.amazonaws.com Amazon Athena
cloudfront.amazonaws.com Amazon CloudFront
cloudhsmv2.<REGION>.amazonaws.com AWS CloudHSM
cloudsearch.<REGION>.amazonaws.com Amazon CloudSearch
codebuild.<REGION>.amazonaws.com AWS CodeBuild
datasync.<REGION>.amazonaws.com AWS DataSync
dax.<REGION>.amazonaws.com Amazon DynamoDB Accelerator (DAX)
dms.<REGION>.amazonaws.com AWS Database Migration Service (AWS DMS)
directconnect.<REGION>.amazonaws.com AWS Direct Connect
ecs.<REGION>.amazonaws.com Amazon Elastic Container Service (ECS), Amazon ECS Container Insights
elasticfilesystem.<REGION>.amazonaws.com Amazon Elastic File System (EFS)
eks.<REGION>.amazonaws.com Amazon Elastic Kubernetes Service (EKS)
elasticache.<REGION>.amazonaws.com Amazon ElastiCache (EC)
elasticbeanstalk.<REGION>.amazonaws.com AWS Elastic Beanstalk
elastictranscoder.<REGION>.amazonaws.com Amazon Elastic Transcoder
es.<REGION>.amazonaws.com Amazon Elasticsearch Service (ES)
events.<REGION>.amazonaws.com Amazon EventBridge
fsx.<REGION>.amazonaws.com Amazon FSx
gamelift.<REGION>.amazonaws.com Amazon GameLift
glue.<REGION>.amazonaws.com AWS Glue
inspector.<REGION>.amazonaws.com Amazon Inspector
kafka.<REGION>.amazonaws.com Amazon Managed Streaming for Kafka
models.lex.<REGION>.amazonaws.com Amazon Lex
logs.<REGION>.amazonaws.com Amazon CloudWatch Logs
api.mediatailor.<REGION>.amazonaws.com AWS Elemental MediaTailor
mediaconnect.<REGION>.amazonaws.com AWS Elemental MediaConnect
mediapackage.<REGION>.amazonaws.com AWS Elemental MediaPackage Live
mediapackage-vod.<REGION>.amazonaws.com AWS Elemental MediaPackage Video on Demand
opsworks.<REGION>.amazonaws.com AWS OpsWorks
qldb.<REGION>.amazonaws.com Amazon QLDB
redshift.<REGION>.amazonaws.com Amazon Redshift
robomaker.<REGION>.amazonaws.com AWS RoboMaker
route53.amazonaws.com Amazon Route 53
route53resolver.<REGION>.amazonaws.com Amazon Route 53 Resolver
api.sagemaker.<REGION>.amazonaws.com Amazon SageMaker Endpoints, Amazon SageMaker Endpoint Instances
sns.<REGION>.amazonaws.com Amazon Simple Notification Service (SNS)
sqs.<REGION>.amazonaws.com Amazon Simple Queue Service (SQS)
storagegateway.<REGION>.amazonaws.com AWS Storage Gateway
swf.<REGION>.amazonaws.com Amazon SWF
transfer.<REGION>.amazonaws.com AWS Transfer Family
workmail.<REGION>.amazonaws.com Amazon WorkMail
workspaces.<REGION>.amazonaws.com Amazon WorkSpaces

Enable monitoring

To learn how to enable service monitoring, see Enable service monitoring.

View service metrics

You can view the service metrics in your Dynatrace environment either on the custom device overview page or on your Dashboards page.

View metrics on the custom device overview page

To access the custom device overview page

  1. Go to Technologies Technologies & Processes Classic.
  2. Filter by service name and select the relevant custom device group.
  3. Once you select the custom device group, you're on the custom device group overview page.
  4. The custom device group overview page lists all instances (custom devices) belonging to the group. Select an instance to view the custom device overview page.

View metrics on your dashboard

After you add the service to monitoring, a preset dashboard containing all recommended metrics is automatically listed on your Dashboards page. To look for specific dashboards, filter by Preset and then by Name.

AWS presets

For existing monitored services, you might need to resave your credentials for the preset dashboard to appear on the Dashboards page. To resave your credentials, go to Settings > Cloud and virtualization > AWS, select the desired AWS instance, and then select Save.

You can't make changes on a preset dashboard directly, but you can clone and edit it. To clone a dashboard, open the browse menu (…) and select Clone.

To remove a dashboard from the dashboards page, you can hide it. To hide a dashboard, open the browse menu (…) and select Hide.

Hiding a dashboard doesn't affect other users.

Clone hide AWS

To check the availability of preset dashboards for each AWS service, see the list below.

Preset dashboard availability list

AWS service Preset dashboard
Amazon EC2 Auto Scaling (built-in) Not applicable
AWS Lambda (built-in) Not applicable
Amazon Application and Network Load Balancer (built-in) Not applicable
Amazon DynamoDB (built-in) Not applicable
Amazon EBS (built-in) Not applicable
Amazon EC2 (built-in) Not applicable
Amazon Elastic Load Balancer (ELB) (built-in) Not applicable
Amazon RDS (built-in) Not applicable
Amazon S3 (built-in) Not applicable
AWS Certificate Manager Private Certificate Authority Not applicable
All monitored Amazon services Not applicable
Amazon API Gateway Not applicable
AWS App Runner Not applicable
Amazon AppStream Applicable
AWS AppSync Applicable
Amazon Athena Applicable
Amazon Aurora Not applicable
Amazon EC2 Auto Scaling Applicable
AWS Billing Applicable
Amazon Keyspaces Applicable
AWS Chatbot Applicable
Amazon CloudFront Not applicable
AWS CloudHSM Applicable
Amazon CloudSearch Applicable
AWS CodeBuild Applicable
Amazon Cognito Not applicable
Amazon Connect Applicable
AWS DataSync Applicable
Amazon DynamoDB Accelerator (DAX) Applicable
AWS Database Migration Service (AWS DMS) Applicable
Amazon DocumentDB Applicable
AWS Direct Connect Applicable
Amazon DynamoDB Not applicable
Amazon EBS Not applicable
Amazon EC2 Spot Fleet Not applicable
Amazon EC2 API Applicable
Amazon Elastic Container Service (ECS) Not applicable
Amazon ECS Container Insights Applicable
Amazon Elastic File System (EFS) Not applicable
Amazon Elastic Kubernetes Service (EKS) Applicable
Amazon ElastiCache (EC) Not applicable
AWS Elastic Beanstalk Applicable
Amazon Elastic Inference Applicable
Amazon Elastic Transcoder Applicable
Amazon Elastic Map Reduce (EMR) Not applicable
Amazon Elasticsearch Service (ES) Not applicable
Amazon EventBridge Applicable
Amazon FSx Applicable
Amazon GameLift Applicable
AWS Glue Not applicable
Amazon Inspector Applicable
AWS Internet of Things (IoT) Not applicable
AWS IoT Things Graph Applicable
AWS IoT Analytics Applicable
Amazon Managed Streaming for Kafka Applicable
Amazon Kinesis Data Analytics Not applicable
Amazon Data Firehose Not applicable
Amazon Kinesis Data Streams Not applicable
Amazon Kinesis Video Streams Not applicable
AWS Lambda Not applicable
Amazon Lex Applicable
Amazon CloudWatch Logs Applicable
AWS Elemental MediaTailor Applicable
AWS Elemental MediaConnect Applicable
AWS Elemental MediaConvert Applicable
AWS Elemental MediaPackage Live Applicable
AWS Elemental MediaPackage Video on Demand Applicable
Amazon MQ Applicable
Amazon VPC NAT Gateways Not applicable
Amazon Neptune Applicable
AWS OpsWorks Applicable
Amazon Polly Applicable
Amazon QLDB Applicable
Amazon RDS Not applicable
Amazon Redshift Not applicable
Amazon Rekognition Applicable
AWS RoboMaker Applicable
Amazon Route 53 Applicable
Amazon Route 53 Resolver Applicable
Amazon S3 Not applicable
Amazon SageMaker Batch Transform Jobs Not applicable
Amazon SageMaker Endpoints Not applicable
Amazon SageMaker Endpoint Instances Not applicable
Amazon SageMaker Ground Truth Not applicable
Amazon SageMaker Processing Jobs Not applicable
Amazon SageMaker Training Jobs Not applicable
AWS Service Catalog Applicable
Amazon Simple Email Service (SES) Not applicable
Amazon Simple Notification Service (SNS) Not applicable
Amazon Simple Queue Service (SQS) Not applicable
AWS Systems Manager - Run Command Applicable
AWS Step Functions Applicable
AWS Storage Gateway Applicable
Amazon SWF Applicable
Amazon Textract Applicable
AWS Transfer Family Applicable
AWS Transit Gateway Applicable
Amazon Translate Applicable
AWS Trusted Advisor Applicable
AWS API Usage Applicable
AWS Site-to-Site VPN Applicable
AWS WAF Classic Applicable
AWS WAF Applicable
Amazon WorkMail Applicable
Amazon WorkSpaces Applicable

Fsx

Available metrics

FileSystemId is the main dimension.

Name Description Unit Statistics Dimensions Recommended
DataReadBytes DataReadBytes Bytes Multi FileSystemId Applicable
DataReadBytes Bytes Sum FileSystemId
DataReadOperations The number of read operations Count Sum FileSystemId Applicable
DataWriteBytes The number of bytes for file system write operations Bytes Multi FileSystemId Applicable
DataWriteBytes Bytes Sum FileSystemId
DataWriteOperations The number of write operations Count Sum FileSystemId Applicable
FreeStorageCapacity The amount of available storage capacity Bytes Multi FileSystemId Applicable
MetadataOperations The number of metadata operations Count Sum FileSystemId Applicable

Source: aws-service-inspector.md


title: Amazon Inspector monitoring source: https://www.dynatrace.com/docs/ingest-from/amazon-web-services/integrate-with-aws/aws-all-services/aws-service-inspector scraped: 2026-02-17T04:58:40.194846


Amazon Inspector monitoring

Amazon Inspector monitoring

  • How-to guide
  • 2-min read
  • Published Oct 12, 2020

Dynatrace ingests metrics for multiple preselected namespaces, including Amazon Inspector. You can view metrics for each service instance, split metrics into multiple dimensions, and create custom charts that you can pin to your dashboards.

Prerequisites

To enable monitoring for this service, you need

Predefined policy in JSON

{



"Version": "2012-10-17",



"Statement": [



{



"Sid": "VisualEditor0",



"Effect": "Allow",



"Action": [



"acm-pca:ListCertificateAuthorities",



"apigateway:GET",



"apprunner:ListServices",



"appstream:DescribeFleets",



"appsync:ListGraphqlApis",



"athena:ListWorkGroups",



"autoscaling:DescribeAutoScalingGroups",



"cloudformation:ListStackResources",



"cloudfront:ListDistributions",



"cloudhsm:DescribeClusters",



"cloudsearch:DescribeDomains",



"cloudwatch:GetMetricData",



"cloudwatch:GetMetricStatistics",



"cloudwatch:ListMetrics",



"codebuild:ListProjects",



"datasync:ListTasks",



"dax:DescribeClusters",



"directconnect:DescribeConnections",



"dms:DescribeReplicationInstances",



"dynamodb:ListTables",



"dynamodb:ListTagsOfResource",



"ec2:DescribeAvailabilityZones",



"ec2:DescribeInstances",



"ec2:DescribeNatGateways",



"ec2:DescribeSpotFleetRequests",



"ec2:DescribeTransitGateways",



"ec2:DescribeVolumes",



"ec2:DescribeVpnConnections",



"ecs:ListClusters",



"eks:ListClusters",



"elasticache:DescribeCacheClusters",



"elasticbeanstalk:DescribeEnvironmentResources",



"elasticbeanstalk:DescribeEnvironments",



"elasticfilesystem:DescribeFileSystems",



"elasticloadbalancing:DescribeInstanceHealth",



"elasticloadbalancing:DescribeListeners",



"elasticloadbalancing:DescribeLoadBalancers",



"elasticloadbalancing:DescribeRules",



"elasticloadbalancing:DescribeTags",



"elasticloadbalancing:DescribeTargetHealth",



"elasticmapreduce:ListClusters",



"elastictranscoder:ListPipelines",



"es:ListDomainNames",



"events:ListEventBuses",



"firehose:ListDeliveryStreams",



"fsx:DescribeFileSystems",



"gamelift:ListFleets",



"glue:GetJobs",



"inspector:ListAssessmentTemplates",



"kafka:ListClusters",



"kinesis:ListStreams",



"kinesisanalytics:ListApplications",



"kinesisvideo:ListStreams",



"lambda:ListFunctions",



"lambda:ListTags",



"lex:GetBots",



"logs:DescribeLogGroups",



"mediaconnect:ListFlows",



"mediaconvert:DescribeEndpoints",



"mediapackage-vod:ListPackagingConfigurations",



"mediapackage:ListChannels",



"mediatailor:ListPlaybackConfigurations",



"opsworks:DescribeStacks",



"qldb:ListLedgers",



"rds:DescribeDBClusters",



"rds:DescribeDBInstances",



"rds:DescribeEvents",



"rds:ListTagsForResource",



"redshift:DescribeClusters",



"robomaker:ListSimulationJobs",



"route53:ListHostedZones",



"route53resolver:ListResolverEndpoints",



"s3:ListAllMyBuckets",



"sagemaker:ListEndpoints",



"sns:ListTopics",



"sqs:ListQueues",



"storagegateway:ListGateways",



"sts:GetCallerIdentity",



"swf:ListDomains",



"tag:GetResources",



"tag:GetTagKeys",



"transfer:ListServers",



"workmail:ListOrganizations",



"workspaces:DescribeWorkspaces"



],



"Resource": "*"



}



]



}

AWS endpoints that need to be reachable from ActiveGate with corresponding AWS services

Endpoint Service
autoscaling.<REGION>.amazonaws.com Amazon EC2 Auto Scaling (built-in), Amazon EC2 Auto Scaling
lambda.<REGION>.amazonaws.com AWS Lambda (built-in), AWS Lambda
elasticloadbalancing.<REGION>.amazonaws.com Amazon Application and Network Load Balancer (built-in), Amazon Elastic Load Balancer (ELB) (built-in)
dynamodb.<REGION>.amazonaws.com Amazon DynamoDB (built-in), Amazon DynamoDB
ec2.<REGION>.amazonaws.com Amazon EBS (built-in), Amazon EC2 (built-in), Amazon EBS, Amazon EC2 Spot Fleet, Amazon VPC NAT Gateways, AWS Transit Gateway, AWS Site-to-Site VPN
rds.<REGION>.amazonaws.com Amazon RDS (built-in), Amazon Aurora, Amazon DocumentDB, Amazon Neptune, Amazon RDS
s3.<REGION>.amazonaws.com Amazon S3 (built-in)
acm-pca.<REGION>.amazonaws.com AWS Certificate Manager Private Certificate Authority
apigateway.<REGION>.amazonaws.com Amazon API Gateway
apprunner.<REGION>.amazonaws.com AWS App Runner
appstream2.<REGION>.amazonaws.com Amazon AppStream
appsync.<REGION>.amazonaws.com AWS AppSync
athena.<REGION>.amazonaws.com Amazon Athena
cloudfront.amazonaws.com Amazon CloudFront
cloudhsmv2.<REGION>.amazonaws.com AWS CloudHSM
cloudsearch.<REGION>.amazonaws.com Amazon CloudSearch
codebuild.<REGION>.amazonaws.com AWS CodeBuild
datasync.<REGION>.amazonaws.com AWS DataSync
dax.<REGION>.amazonaws.com Amazon DynamoDB Accelerator (DAX)
dms.<REGION>.amazonaws.com AWS Database Migration Service (AWS DMS)
directconnect.<REGION>.amazonaws.com AWS Direct Connect
ecs.<REGION>.amazonaws.com Amazon Elastic Container Service (ECS), Amazon ECS Container Insights
elasticfilesystem.<REGION>.amazonaws.com Amazon Elastic File System (EFS)
eks.<REGION>.amazonaws.com Amazon Elastic Kubernetes Service (EKS)
elasticache.<REGION>.amazonaws.com Amazon ElastiCache (EC)
elasticbeanstalk.<REGION>.amazonaws.com AWS Elastic Beanstalk
elastictranscoder.<REGION>.amazonaws.com Amazon Elastic Transcoder
es.<REGION>.amazonaws.com Amazon Elasticsearch Service (ES)
events.<REGION>.amazonaws.com Amazon EventBridge
fsx.<REGION>.amazonaws.com Amazon FSx
gamelift.<REGION>.amazonaws.com Amazon GameLift
glue.<REGION>.amazonaws.com AWS Glue
inspector.<REGION>.amazonaws.com Amazon Inspector
kafka.<REGION>.amazonaws.com Amazon Managed Streaming for Kafka
models.lex.<REGION>.amazonaws.com Amazon Lex
logs.<REGION>.amazonaws.com Amazon CloudWatch Logs
api.mediatailor.<REGION>.amazonaws.com AWS Elemental MediaTailor
mediaconnect.<REGION>.amazonaws.com AWS Elemental MediaConnect
mediapackage.<REGION>.amazonaws.com AWS Elemental MediaPackage Live
mediapackage-vod.<REGION>.amazonaws.com AWS Elemental MediaPackage Video on Demand
opsworks.<REGION>.amazonaws.com AWS OpsWorks
qldb.<REGION>.amazonaws.com Amazon QLDB
redshift.<REGION>.amazonaws.com Amazon Redshift
robomaker.<REGION>.amazonaws.com AWS RoboMaker
route53.amazonaws.com Amazon Route 53
route53resolver.<REGION>.amazonaws.com Amazon Route 53 Resolver
api.sagemaker.<REGION>.amazonaws.com Amazon SageMaker Endpoints, Amazon SageMaker Endpoint Instances
sns.<REGION>.amazonaws.com Amazon Simple Notification Service (SNS)
sqs.<REGION>.amazonaws.com Amazon Simple Queue Service (SQS)
storagegateway.<REGION>.amazonaws.com AWS Storage Gateway
swf.<REGION>.amazonaws.com Amazon SWF
transfer.<REGION>.amazonaws.com AWS Transfer Family
workmail.<REGION>.amazonaws.com Amazon WorkMail
workspaces.<REGION>.amazonaws.com Amazon WorkSpaces

Enable monitoring

To learn how to enable service monitoring, see Enable service monitoring.

View service metrics

You can view the service metrics in your Dynatrace environment either on the custom device overview page or on your Dashboards page.

View metrics on the custom device overview page

To access the custom device overview page

  1. Go to Technologies Technologies & Processes Classic.
  2. Filter by service name and select the relevant custom device group.
  3. Once you select the custom device group, you're on the custom device group overview page.
  4. The custom device group overview page lists all instances (custom devices) belonging to the group. Select an instance to view the custom device overview page.

View metrics on your dashboard

After you add the service to monitoring, a preset dashboard containing all recommended metrics is automatically listed on your Dashboards page. To look for specific dashboards, filter by Preset and then by Name.

AWS presets

For existing monitored services, you might need to resave your credentials for the preset dashboard to appear on the Dashboards page. To resave your credentials, go to Settings > Cloud and virtualization > AWS, select the desired AWS instance, and then select Save.

You can't make changes on a preset dashboard directly, but you can clone and edit it. To clone a dashboard, open the browse menu (…) and select Clone.

To remove a dashboard from the dashboards page, you can hide it. To hide a dashboard, open the browse menu (…) and select Hide.

Hiding a dashboard doesn't affect other users.

Clone hide AWS

To check the availability of preset dashboards for each AWS service, see the list below.

Preset dashboard availability list

AWS service Preset dashboard
Amazon EC2 Auto Scaling (built-in) Not applicable
AWS Lambda (built-in) Not applicable
Amazon Application and Network Load Balancer (built-in) Not applicable
Amazon DynamoDB (built-in) Not applicable
Amazon EBS (built-in) Not applicable
Amazon EC2 (built-in) Not applicable
Amazon Elastic Load Balancer (ELB) (built-in) Not applicable
Amazon RDS (built-in) Not applicable
Amazon S3 (built-in) Not applicable
AWS Certificate Manager Private Certificate Authority Not applicable
All monitored Amazon services Not applicable
Amazon API Gateway Not applicable
AWS App Runner Not applicable
Amazon AppStream Applicable
AWS AppSync Applicable
Amazon Athena Applicable
Amazon Aurora Not applicable
Amazon EC2 Auto Scaling Applicable
AWS Billing Applicable
Amazon Keyspaces Applicable
AWS Chatbot Applicable
Amazon CloudFront Not applicable
AWS CloudHSM Applicable
Amazon CloudSearch Applicable
AWS CodeBuild Applicable
Amazon Cognito Not applicable
Amazon Connect Applicable
AWS DataSync Applicable
Amazon DynamoDB Accelerator (DAX) Applicable
AWS Database Migration Service (AWS DMS) Applicable
Amazon DocumentDB Applicable
AWS Direct Connect Applicable
Amazon DynamoDB Not applicable
Amazon EBS Not applicable
Amazon EC2 Spot Fleet Not applicable
Amazon EC2 API Applicable
Amazon Elastic Container Service (ECS) Not applicable
Amazon ECS Container Insights Applicable
Amazon Elastic File System (EFS) Not applicable
Amazon Elastic Kubernetes Service (EKS) Applicable
Amazon ElastiCache (EC) Not applicable
AWS Elastic Beanstalk Applicable
Amazon Elastic Inference Applicable
Amazon Elastic Transcoder Applicable
Amazon Elastic Map Reduce (EMR) Not applicable
Amazon Elasticsearch Service (ES) Not applicable
Amazon EventBridge Applicable
Amazon FSx Applicable
Amazon GameLift Applicable
AWS Glue Not applicable
Amazon Inspector Applicable
AWS Internet of Things (IoT) Not applicable
AWS IoT Things Graph Applicable
AWS IoT Analytics Applicable
Amazon Managed Streaming for Kafka Applicable
Amazon Kinesis Data Analytics Not applicable
Amazon Data Firehose Not applicable
Amazon Kinesis Data Streams Not applicable
Amazon Kinesis Video Streams Not applicable
AWS Lambda Not applicable
Amazon Lex Applicable
Amazon CloudWatch Logs Applicable
AWS Elemental MediaTailor Applicable
AWS Elemental MediaConnect Applicable
AWS Elemental MediaConvert Applicable
AWS Elemental MediaPackage Live Applicable
AWS Elemental MediaPackage Video on Demand Applicable
Amazon MQ Applicable
Amazon VPC NAT Gateways Not applicable
Amazon Neptune Applicable
AWS OpsWorks Applicable
Amazon Polly Applicable
Amazon QLDB Applicable
Amazon RDS Not applicable
Amazon Redshift Not applicable
Amazon Rekognition Applicable
AWS RoboMaker Applicable
Amazon Route 53 Applicable
Amazon Route 53 Resolver Applicable
Amazon S3 Not applicable
Amazon SageMaker Batch Transform Jobs Not applicable
Amazon SageMaker Endpoints Not applicable
Amazon SageMaker Endpoint Instances Not applicable
Amazon SageMaker Ground Truth Not applicable
Amazon SageMaker Processing Jobs Not applicable
Amazon SageMaker Training Jobs Not applicable
AWS Service Catalog Applicable
Amazon Simple Email Service (SES) Not applicable
Amazon Simple Notification Service (SNS) Not applicable
Amazon Simple Queue Service (SQS) Not applicable
AWS Systems Manager - Run Command Applicable
AWS Step Functions Applicable
AWS Storage Gateway Applicable
Amazon SWF Applicable
Amazon Textract Applicable
AWS Transfer Family Applicable
AWS Transit Gateway Applicable
Amazon Translate Applicable
AWS Trusted Advisor Applicable
AWS API Usage Applicable
AWS Site-to-Site VPN Applicable
AWS WAF Classic Applicable
AWS WAF Applicable
Amazon WorkMail Applicable
Amazon WorkSpaces Applicable

Inspector

Available metrics

AssessmentTemplateArn is the main dimension.

Name Description Unit Statistics Dimensions Recommended
TotalAssessmentRuns Number of assessment runs for this target Count Sum Region, AssessmentTargetArn, AssessmentTargetName
TotalAssessmentRuns Count Sum AssessmentTemplateArn, AssessmentTemplateName Applicable
TotalFindings Number of findings for this template Count Sum Region, AssessmentTargetArn, AssessmentTargetName
TotalFindings Count Sum AssessmentTemplateArn, AssessmentTemplateName Applicable
TotalHealthyAgents Number of agents that match this target that are healthy Count Sum Region, AssessmentTargetArn, AssessmentTargetName
TotalHealthyAgents Count Sum AssessmentTemplateArn, AssessmentTemplateName Applicable
TotalMatchingAgents Number of agents that match this template Count Sum Region, AssessmentTargetArn, AssessmentTargetName
TotalMatchingAgents Count Sum AssessmentTemplateArn, AssessmentTemplateName Applicable

Source: aws-service-lambda-new.md


title: AWS Lambda monitoring source: https://www.dynatrace.com/docs/ingest-from/amazon-web-services/integrate-with-aws/aws-all-services/aws-service-lambda-new scraped: 2026-02-15T09:08:00.397793


AWS Lambda monitoring

AWS Lambda monitoring

  • How-to guide
  • 1-min read
  • Updated on Nov 15, 2023

For information about differences between classic services and other services, see Migrate from AWS classic (formerly 'built-in') services to cloud services.

Dynatrace ingests metrics for multiple preselected namespaces, including AWS Lambda. You can view metrics for each service instance, split metrics into multiple dimensions, and create custom charts that you can pin to your dashboards.

Prerequisites

To enable monitoring for this service, you need

  • ActiveGate version 1.197+

  • For Dynatrace SaaS deployments, you need an Environment ActiveGate or a Multi-environment ActiveGate.

For role-based access in SaaS deployment, you need an Environment ActiveGate installed on an Amazon EC2 host.

To update the AWS IAM policy, use the JSON below, containing the monitoring policy (permissions) for all supporting services.

JSON predefined policy for all supporting services

{



"Version": "2012-10-17",



"Statement": [



{



"Sid": "VisualEditor0",



"Effect": "Allow",



"Action": [



"acm-pca:ListCertificateAuthorities",



"apigateway:GET",



"apprunner:ListServices",



"appstream:DescribeFleets",



"appsync:ListGraphqlApis",



"athena:ListWorkGroups",



"autoscaling:DescribeAutoScalingGroups",



"cloudformation:ListStackResources",



"cloudfront:ListDistributions",



"cloudhsm:DescribeClusters",



"cloudsearch:DescribeDomains",



"cloudwatch:GetMetricData",



"cloudwatch:GetMetricStatistics",



"cloudwatch:ListMetrics",



"codebuild:ListProjects",



"datasync:ListTasks",



"dax:DescribeClusters",



"directconnect:DescribeConnections",



"dms:DescribeReplicationInstances",



"dynamodb:ListTables",



"dynamodb:ListTagsOfResource",



"ec2:DescribeAvailabilityZones",



"ec2:DescribeInstances",



"ec2:DescribeNatGateways",



"ec2:DescribeSpotFleetRequests",



"ec2:DescribeTransitGateways",



"ec2:DescribeVolumes",



"ec2:DescribeVpnConnections",



"ecs:ListClusters",



"eks:ListClusters",



"elasticache:DescribeCacheClusters",



"elasticbeanstalk:DescribeEnvironmentResources",



"elasticbeanstalk:DescribeEnvironments",



"elasticfilesystem:DescribeFileSystems",



"elasticloadbalancing:DescribeInstanceHealth",



"elasticloadbalancing:DescribeListeners",



"elasticloadbalancing:DescribeLoadBalancers",



"elasticloadbalancing:DescribeRules",



"elasticloadbalancing:DescribeTags",



"elasticloadbalancing:DescribeTargetHealth",



"elasticmapreduce:ListClusters",



"elastictranscoder:ListPipelines",



"es:ListDomainNames",



"events:ListEventBuses",



"firehose:ListDeliveryStreams",



"fsx:DescribeFileSystems",



"gamelift:ListFleets",



"glue:GetJobs",



"inspector:ListAssessmentTemplates",



"kafka:ListClusters",



"kinesis:ListStreams",



"kinesisanalytics:ListApplications",



"kinesisvideo:ListStreams",



"lambda:ListFunctions",



"lambda:ListTags",



"lex:GetBots",



"logs:DescribeLogGroups",



"mediaconnect:ListFlows",



"mediaconvert:DescribeEndpoints",



"mediapackage-vod:ListPackagingConfigurations",



"mediapackage:ListChannels",



"mediatailor:ListPlaybackConfigurations",



"opsworks:DescribeStacks",



"qldb:ListLedgers",



"rds:DescribeDBClusters",



"rds:DescribeDBInstances",



"rds:DescribeEvents",



"rds:ListTagsForResource",



"redshift:DescribeClusters",



"robomaker:ListSimulationJobs",



"route53:ListHostedZones",



"route53resolver:ListResolverEndpoints",



"s3:ListAllMyBuckets",



"sagemaker:ListEndpoints",



"sns:ListTopics",



"sqs:ListQueues",



"storagegateway:ListGateways",



"sts:GetCallerIdentity",



"swf:ListDomains",



"tag:GetResources",



"tag:GetTagKeys",



"transfer:ListServers",



"workmail:ListOrganizations",



"workspaces:DescribeWorkspaces"



],



"Resource": "*"



}



]



}

If you don't want to add permissions to all services, and just select permissions for certain services, consult the table below. The table contains a set of permissions that are required for All AWS cloud services and, for each supporting service, a list of optional permissions specific to that service.

Permissions required for AWS monitoring integration:

  • "cloudwatch:GetMetricData"
  • "cloudwatch:GetMetricStatistics"
  • "cloudwatch:ListMetrics"
  • "sts:GetCallerIdentity"
  • "tag:GetResources"
  • "tag:GetTagKeys"
  • "ec2:DescribeAvailabilityZones"

Complete list of permissions for cloud services

Name Permissions
All monitored Amazon services Required cloudwatch:GetMetricData, cloudwatch:GetMetricStatistics, cloudwatch:ListMetrics, sts:GetCallerIdentity, tag:GetResources, tag:GetTagKeys, ec2:DescribeAvailabilityZones
AWS Certificate Manager Private Certificate Authority acm-pca:ListCertificateAuthorities
Amazon MQ
Amazon API Gateway apigateway:GET
AWS App Runner apprunner:ListServices
Amazon AppStream appstream:DescribeFleets
AWS AppSync appsync:ListGraphqlApis
Amazon Athena athena:ListWorkGroups
Amazon Aurora rds:DescribeDBClusters
Amazon EC2 Auto Scaling autoscaling:DescribeAutoScalingGroups
Amazon EC2 Auto Scaling (built-in) autoscaling:DescribeAutoScalingGroups
AWS Billing
Amazon Keyspaces
AWS Chatbot
Amazon CloudFront cloudfront:ListDistributions
AWS CloudHSM cloudhsm:DescribeClusters
Amazon CloudSearch cloudsearch:DescribeDomains
AWS CodeBuild codebuild:ListProjects
Amazon Cognito
Amazon Connect
Amazon Elastic Kubernetes Service (EKS) eks:ListClusters
AWS DataSync datasync:ListTasks
Amazon DynamoDB Accelerator (DAX) dax:DescribeClusters
AWS Database Migration Service (AWS DMS) dms:DescribeReplicationInstances
Amazon DocumentDB rds:DescribeDBClusters
AWS Direct Connect directconnect:DescribeConnections
Amazon DynamoDB dynamodb:ListTables
Amazon DynamoDB (built-in) dynamodb:ListTables, dynamodb:ListTagsOfResource
Amazon EBS ec2:DescribeVolumes
Amazon EBS (built-in) ec2:DescribeVolumes
Amazon EC2 API
Amazon EC2 (built-in) ec2:DescribeInstances
Amazon EC2 Spot Fleet ec2:DescribeSpotFleetRequests
Amazon Elastic Container Service (ECS) ecs:ListClusters
Amazon ECS Container Insights ecs:ListClusters
Amazon ElastiCache (EC) elasticache:DescribeCacheClusters
AWS Elastic Beanstalk elasticbeanstalk:DescribeEnvironments
Amazon Elastic File System (EFS) elasticfilesystem:DescribeFileSystems
Amazon Elastic Inference
Amazon Elastic Map Reduce (EMR) elasticmapreduce:ListClusters
Amazon Elasticsearch Service (ES) es:ListDomainNames
Amazon Elastic Transcoder elastictranscoder:ListPipelines
Amazon Elastic Load Balancer (ELB) (built-in) elasticloadbalancing:DescribeInstanceHealth, elasticloadbalancing:DescribeListeners, elasticloadbalancing:DescribeLoadBalancers, elasticloadbalancing:DescribeRules, elasticloadbalancing:DescribeTags, elasticloadbalancing:DescribeTargetHealth
Amazon EventBridge events:ListEventBuses
Amazon FSx fsx:DescribeFileSystems
Amazon GameLift gamelift:ListFleets
AWS Glue glue:GetJobs
Amazon Inspector inspector:ListAssessmentTemplates
AWS Internet of Things (IoT)
AWS IoT Analytics
Amazon Managed Streaming for Kafka kafka:ListClusters
Amazon Kinesis Data Analytics kinesisanalytics:ListApplications
Amazon Data Firehose firehose:ListDeliveryStreams
Amazon Kinesis Data Streams kinesis:ListStreams
Amazon Kinesis Video Streams kinesisvideo:ListStreams
AWS Lambda lambda:ListFunctions
AWS Lambda (built-in) lambda:ListFunctions, lambda:ListTags
Amazon Lex lex:GetBots
Amazon Application and Network Load Balancer (built-in) elasticloadbalancing:DescribeInstanceHealth, elasticloadbalancing:DescribeListeners, elasticloadbalancing:DescribeLoadBalancers, elasticloadbalancing:DescribeRules, elasticloadbalancing:DescribeTags, elasticloadbalancing:DescribeTargetHealth
Amazon CloudWatch Logs logs:DescribeLogGroups
AWS Elemental MediaConnect mediaconnect:ListFlows
AWS Elemental MediaConvert mediaconvert:DescribeEndpoints
AWS Elemental MediaPackage Live mediapackage:ListChannels
AWS Elemental MediaPackage Video on Demand mediapackage-vod:ListPackagingConfigurations
AWS Elemental MediaTailor mediatailor:ListPlaybackConfigurations
Amazon VPC NAT Gateways ec2:DescribeNatGateways
Amazon Neptune rds:DescribeDBClusters
AWS OpsWorks opsworks:DescribeStacks
Amazon Polly
Amazon QLDB qldb:ListLedgers
Amazon RDS rds:DescribeDBInstances
Amazon RDS (built-in) rds:DescribeDBInstances, rds:DescribeEvents, rds:ListTagsForResource
Amazon Redshift redshift:DescribeClusters
Amazon Rekognition
AWS RoboMaker robomaker:ListSimulationJobs
Amazon Route 53 route53:ListHostedZones
Amazon Route 53 Resolver route53resolver:ListResolverEndpoints
Amazon S3 s3:ListAllMyBuckets
Amazon S3 (built-in) s3:ListAllMyBuckets
Amazon SageMaker Batch Transform Jobs
Amazon SageMaker Endpoint Instances sagemaker:ListEndpoints
Amazon SageMaker Endpoints sagemaker:ListEndpoints
Amazon SageMaker Ground Truth
Amazon SageMaker Processing Jobs
Amazon SageMaker Training Jobs
AWS Service Catalog
Amazon Simple Email Service (SES)
Amazon Simple Notification Service (SNS) sns:ListTopics
Amazon Simple Queue Service (SQS) sqs:ListQueues
AWS Systems Manager - Run Command
AWS Step Functions
AWS Storage Gateway storagegateway:ListGateways
Amazon SWF swf:ListDomains
Amazon Textract
AWS IoT Things Graph
AWS Transfer Family transfer:ListServers
AWS Transit Gateway ec2:DescribeTransitGateways
Amazon Translate
AWS Trusted Advisor
AWS API Usage
AWS Site-to-Site VPN ec2:DescribeVpnConnections
AWS WAF Classic
AWS WAF
Amazon WorkMail workmail:ListOrganizations
Amazon WorkSpaces workspaces:DescribeWorkspaces

Example of JSON policy for one single service.

JSON policy for Amazon API Gateway

{



"Version": "2012-10-17",



"Statement": [



{



"Sid": "VisualEditor0",



"Effect": "Allow",



"Action": [



"apigateway:GET",



"cloudwatch:GetMetricData",



"cloudwatch:GetMetricStatistics",



"cloudwatch:ListMetrics",



"sts:GetCallerIdentity",



"tag:GetResources",



"tag:GetTagKeys",



"ec2:DescribeAvailabilityZones"



],



"Resource": "*"



}



]



}

In this example, from the complete list of permissions you need to select

  • "apigateway:GET" for Amazon API Gateway
  • "cloudwatch:GetMetricData", "cloudwatch:GetMetricStatistics", "cloudwatch:ListMetrics", "sts:GetCallerIdentity", "tag:GetResources", "tag:GetTagKeys", and "ec2:DescribeAvailabilityZones" for All AWS cloud services.

AWS endpoints that need to be reachable from ActiveGate with corresponding AWS services

Endpoint Service
autoscaling.<REGION>.amazonaws.com Amazon EC2 Auto Scaling (built-in), Amazon EC2 Auto Scaling
lambda.<REGION>.amazonaws.com AWS Lambda (built-in), AWS Lambda
elasticloadbalancing.<REGION>.amazonaws.com Amazon Application and Network Load Balancer (built-in), Amazon Elastic Load Balancer (ELB) (built-in)
dynamodb.<REGION>.amazonaws.com Amazon DynamoDB (built-in), Amazon DynamoDB
ec2.<REGION>.amazonaws.com Amazon EBS (built-in), Amazon EC2 (built-in), Amazon EBS, Amazon EC2 Spot Fleet, Amazon VPC NAT Gateways, AWS Transit Gateway, AWS Site-to-Site VPN
rds.<REGION>.amazonaws.com Amazon RDS (built-in), Amazon Aurora, Amazon DocumentDB, Amazon Neptune, Amazon RDS
s3.<REGION>.amazonaws.com Amazon S3 (built-in)
acm-pca.<REGION>.amazonaws.com AWS Certificate Manager Private Certificate Authority
apigateway.<REGION>.amazonaws.com Amazon API Gateway
apprunner.<REGION>.amazonaws.com AWS App Runner
appstream2.<REGION>.amazonaws.com Amazon AppStream
appsync.<REGION>.amazonaws.com AWS AppSync
athena.<REGION>.amazonaws.com Amazon Athena
cloudfront.amazonaws.com Amazon CloudFront
cloudhsmv2.<REGION>.amazonaws.com AWS CloudHSM
cloudsearch.<REGION>.amazonaws.com Amazon CloudSearch
codebuild.<REGION>.amazonaws.com AWS CodeBuild
datasync.<REGION>.amazonaws.com AWS DataSync
dax.<REGION>.amazonaws.com Amazon DynamoDB Accelerator (DAX)
dms.<REGION>.amazonaws.com AWS Database Migration Service (AWS DMS)
directconnect.<REGION>.amazonaws.com AWS Direct Connect
ecs.<REGION>.amazonaws.com Amazon Elastic Container Service (ECS), Amazon ECS Container Insights
elasticfilesystem.<REGION>.amazonaws.com Amazon Elastic File System (EFS)
eks.<REGION>.amazonaws.com Amazon Elastic Kubernetes Service (EKS)
elasticache.<REGION>.amazonaws.com Amazon ElastiCache (EC)
elasticbeanstalk.<REGION>.amazonaws.com AWS Elastic Beanstalk
elastictranscoder.<REGION>.amazonaws.com Amazon Elastic Transcoder
es.<REGION>.amazonaws.com Amazon Elasticsearch Service (ES)
events.<REGION>.amazonaws.com Amazon EventBridge
fsx.<REGION>.amazonaws.com Amazon FSx
gamelift.<REGION>.amazonaws.com Amazon GameLift
glue.<REGION>.amazonaws.com AWS Glue
inspector.<REGION>.amazonaws.com Amazon Inspector
kafka.<REGION>.amazonaws.com Amazon Managed Streaming for Kafka
models.lex.<REGION>.amazonaws.com Amazon Lex
logs.<REGION>.amazonaws.com Amazon CloudWatch Logs
api.mediatailor.<REGION>.amazonaws.com AWS Elemental MediaTailor
mediaconnect.<REGION>.amazonaws.com AWS Elemental MediaConnect
mediapackage.<REGION>.amazonaws.com AWS Elemental MediaPackage Live
mediapackage-vod.<REGION>.amazonaws.com AWS Elemental MediaPackage Video on Demand
opsworks.<REGION>.amazonaws.com AWS OpsWorks
qldb.<REGION>.amazonaws.com Amazon QLDB
redshift.<REGION>.amazonaws.com Amazon Redshift
robomaker.<REGION>.amazonaws.com AWS RoboMaker
route53.amazonaws.com Amazon Route 53
route53resolver.<REGION>.amazonaws.com Amazon Route 53 Resolver
api.sagemaker.<REGION>.amazonaws.com Amazon SageMaker Endpoints, Amazon SageMaker Endpoint Instances
sns.<REGION>.amazonaws.com Amazon Simple Notification Service (SNS)
sqs.<REGION>.amazonaws.com Amazon Simple Queue Service (SQS)
storagegateway.<REGION>.amazonaws.com AWS Storage Gateway
swf.<REGION>.amazonaws.com Amazon SWF
transfer.<REGION>.amazonaws.com AWS Transfer Family
workmail.<REGION>.amazonaws.com Amazon WorkMail
workspaces.<REGION>.amazonaws.com Amazon WorkSpaces

Enable monitoring

To learn how to enable service monitoring, see Enable service monitoring.

View service metrics

You can view the service metrics in your Dynatrace environment either on the custom device overview page or on your Dashboards page.

View metrics on the custom device overview page

To access the custom device overview page

  1. Go to Technologies Technologies & Processes Classic.
  2. Filter by service name and select the relevant custom device group.
  3. Once you select the custom device group, you're on the custom device group overview page.
  4. The custom device group overview page lists all instances (custom devices) belonging to the group. Select an instance to view the custom device overview page.

View metrics on your dashboard

You can also view metrics in the Dynatrace web UI on dashboards. There is no preset dashboard available for this service, but you can create your own dashboard.

To check the availability of preset dashboards for each AWS service, see the list below.

Preset dashboard availability list

AWS service Preset dashboard
Amazon EC2 Auto Scaling (built-in) Not applicable
AWS Lambda (built-in) Not applicable
Amazon Application and Network Load Balancer (built-in) Not applicable
Amazon DynamoDB (built-in) Not applicable
Amazon EBS (built-in) Not applicable
Amazon EC2 (built-in) Not applicable
Amazon Elastic Load Balancer (ELB) (built-in) Not applicable
Amazon RDS (built-in) Not applicable
Amazon S3 (built-in) Not applicable
AWS Certificate Manager Private Certificate Authority Not applicable
All monitored Amazon services Not applicable
Amazon API Gateway Not applicable
AWS App Runner Not applicable
Amazon AppStream Applicable
AWS AppSync Applicable
Amazon Athena Applicable
Amazon Aurora Not applicable
Amazon EC2 Auto Scaling Applicable
AWS Billing Applicable
Amazon Keyspaces Applicable
AWS Chatbot Applicable
Amazon CloudFront Not applicable
AWS CloudHSM Applicable
Amazon CloudSearch Applicable
AWS CodeBuild Applicable
Amazon Cognito Not applicable
Amazon Connect Applicable
AWS DataSync Applicable
Amazon DynamoDB Accelerator (DAX) Applicable
AWS Database Migration Service (AWS DMS) Applicable
Amazon DocumentDB Applicable
AWS Direct Connect Applicable
Amazon DynamoDB Not applicable
Amazon EBS Not applicable
Amazon EC2 Spot Fleet Not applicable
Amazon EC2 API Applicable
Amazon Elastic Container Service (ECS) Not applicable
Amazon ECS Container Insights Applicable
Amazon Elastic File System (EFS) Not applicable
Amazon Elastic Kubernetes Service (EKS) Applicable
Amazon ElastiCache (EC) Not applicable
AWS Elastic Beanstalk Applicable
Amazon Elastic Inference Applicable
Amazon Elastic Transcoder Applicable
Amazon Elastic Map Reduce (EMR) Not applicable
Amazon Elasticsearch Service (ES) Not applicable
Amazon EventBridge Applicable
Amazon FSx Applicable
Amazon GameLift Applicable
AWS Glue Not applicable
Amazon Inspector Applicable
AWS Internet of Things (IoT) Not applicable
AWS IoT Things Graph Applicable
AWS IoT Analytics Applicable
Amazon Managed Streaming for Kafka Applicable
Amazon Kinesis Data Analytics Not applicable
Amazon Data Firehose Not applicable
Amazon Kinesis Data Streams Not applicable
Amazon Kinesis Video Streams Not applicable
AWS Lambda Not applicable
Amazon Lex Applicable
Amazon CloudWatch Logs Applicable
AWS Elemental MediaTailor Applicable
AWS Elemental MediaConnect Applicable
AWS Elemental MediaConvert Applicable
AWS Elemental MediaPackage Live Applicable
AWS Elemental MediaPackage Video on Demand Applicable
Amazon MQ Applicable
Amazon VPC NAT Gateways Not applicable
Amazon Neptune Applicable
AWS OpsWorks Applicable
Amazon Polly Applicable
Amazon QLDB Applicable
Amazon RDS Not applicable
Amazon Redshift Not applicable
Amazon Rekognition Applicable
AWS RoboMaker Applicable
Amazon Route 53 Applicable
Amazon Route 53 Resolver Applicable
Amazon S3 Not applicable
Amazon SageMaker Batch Transform Jobs Not applicable
Amazon SageMaker Endpoints Not applicable
Amazon SageMaker Endpoint Instances Not applicable
Amazon SageMaker Ground Truth Not applicable
Amazon SageMaker Processing Jobs Not applicable
Amazon SageMaker Training Jobs Not applicable
AWS Service Catalog Applicable
Amazon Simple Email Service (SES) Not applicable
Amazon Simple Notification Service (SNS) Not applicable
Amazon Simple Queue Service (SQS) Not applicable
AWS Systems Manager - Run Command Applicable
AWS Step Functions Applicable
AWS Storage Gateway Applicable
Amazon SWF Applicable
Amazon Textract Applicable
AWS Transfer Family Applicable
AWS Transit Gateway Applicable
Amazon Translate Applicable
AWS Trusted Advisor Applicable
AWS API Usage Applicable
AWS Site-to-Site VPN Applicable
AWS WAF Classic Applicable
AWS WAF Applicable
Amazon WorkMail Applicable
Amazon WorkSpaces Applicable

Available metrics

This service monitors a part of AWS Lambda (AWS/Lambda). While you have this service configured, you can't have AWS Lambda (built-in) service turned on.

FunctionName is the main dimension.

Name Description Unit Statistics Dimensions Recommended
AsyncEventAge The time between when Lambda successfully queues the event and when the function is invoked. Milliseconds Multi FunctionName, Resource
AsyncEventAge Milliseconds Multi FunctionName
AsyncEventAge Milliseconds Multi Region
AsyncEventsDropped The number of events that are dropped without successfully executing the function. Count Sum FunctionName, Resource
AsyncEventsDropped Count Sum FunctionName
AsyncEventsDropped Count Sum Region
AsyncEventsReceived The number of events that Lambda successfully queues for processing. Count Sum FunctionName, Resource
AsyncEventsReceived Count Sum FunctionName
AsyncEventsReceived Count Sum Region
ConcurrentExecutions The number of function instances that are processing events. Count Maximum FunctionName, Resource
ConcurrentExecutions Count Maximum FunctionName
ConcurrentExecutions Count Sum FunctionName, Resource
ConcurrentExecutions Count Sum FunctionName Applicable
ConcurrentExecutions Count Sum Region Applicable
DeadLetterErrors For asynchronous invocation, the number of times that Lambda attempts to send an event to a dead-letter queue (DLQ) but fails. Count Sum FunctionName, Resource
DeadLetterErrors Count Sum FunctionName
DeadLetterErrors Count Sum Region
DestinationDeliveryFailures For asynchronous invocation and supported event source mappings, the number of times that Lambda attempts to send an event to a destination but fails. Count Sum FunctionName, Resource
DestinationDeliveryFailures Count Sum FunctionName
DestinationDeliveryFailures Count Sum Region
Duration The amount of time that your function code spends processing an event. Milliseconds Multi FunctionName, Resource
Duration Milliseconds Multi FunctionName Applicable
Duration Milliseconds Multi Region Applicable
Errors The number of invocations that result in a function error. Count Sum FunctionName, Resource
Errors Count Sum FunctionName Applicable
Errors Count Sum Region Applicable
Invocations The number of times that your function code is invoked, including successful invocations and invocations that result in a function error. Count Sum FunctionName, Resource
Invocations Count Sum FunctionName Applicable
Invocations Count Sum Region Applicable
IteratorAge For DynamoDB, Kinesis, and Amazon DocumentDB event sources, the age of the last record in the event. Milliseconds Multi FunctionName, Resource
IteratorAge Milliseconds Multi FunctionName
IteratorAge Milliseconds Multi Region
OffsetLag For self-managed Apache Kafka and Amazon Managed Streaming for Apache Kafka (Amazon MSK) event sources, the difference in offset between the last record written to a topic and the last record that your function's consumer group processed. Milliseconds Multi FunctionName, Resource
OffsetLag Milliseconds Multi FunctionName
OffsetLag Milliseconds Multi Region
PostRuntimeExtensionsDuration The cumulative amount of time that the runtime spends running code for extensions after the function code has completed. Milliseconds Multi FunctionName, Resource Applicable
PostRuntimeExtensionsDuration Milliseconds Multi FunctionName
PostRuntimeExtensionsDuration Milliseconds Multi Region Applicable
ProvisionedConcurrencyInvocations The number of times that your function code is invoked using provisioned concurrency. Count Sum FunctionName, Resource Applicable
ProvisionedConcurrencyInvocations Count Sum FunctionName
ProvisionedConcurrencyInvocations Count Sum Region Applicable
ProvisionedConcurrencySpilloverInvocations The number of times that your function code is invoked using standard concurrency when all provisioned concurrency is in use. Count Sum FunctionName, Resource
ProvisionedConcurrencySpilloverInvocations Count Sum FunctionName
ProvisionedConcurrencySpilloverInvocations Count Sum Region
ProvisionedConcurrencyUtilization For a version or alias, the value of ProvisionedConcurrentExecutions divided by the total amount of provisioned concurrency allocated. Count Sum FunctionName, Resource
ProvisionedConcurrencyUtilization Count Sum FunctionName
ProvisionedConcurrencyUtilization Count Sum Region
ProvisionedConcurrentExecutions The number of function instances that are processing events using provisioned concurrency. Count Sum FunctionName, Resource Applicable
ProvisionedConcurrentExecutions Count Sum FunctionName
ProvisionedConcurrentExecutions Count Sum FunctionName, Resource
ProvisionedConcurrentExecutions Count Sum FunctionName Applicable
ProvisionedConcurrentExecutions Count Sum Region Applicable
RecursiveInvocationsDropped The number of times that Lambda has stopped invocation of your function because it's detected that your function is part of an infinite recursive loop. Count Sum FunctionName, Resource
RecursiveInvocationsDropped Count Sum FunctionName
RecursiveInvocationsDropped Count Sum Region
Throttles The number of invocation requests that are throttled. Count Sum FunctionName, Resource
Throttles Count Sum FunctionName Applicable
Throttles Count Sum Region Applicable
UnreservedConcurrentExecutions For a Region, the number of events that functions without reserved concurrency are processing. Count Sum Region

Source: aws-service-neptune.md


title: Amazon Neptune monitoring source: https://www.dynatrace.com/docs/ingest-from/amazon-web-services/integrate-with-aws/aws-all-services/aws-service-neptune scraped: 2026-02-16T21:28:30.730491


Amazon Neptune monitoring

Amazon Neptune monitoring

  • How-to guide
  • 11-min read
  • Published Jul 06, 2020

Dynatrace ingests metrics for multiple preselected namespaces, including Amazon Neptune. You can view metrics for each service instance, split metrics into multiple dimensions, and create custom charts that you can pin to your dashboards.

Prerequisites

To enable monitoring for this service, you need

  • ActiveGate version 1.197+

  • For Dynatrace SaaS deployments, you need an Environment ActiveGate or a Multi-environment ActiveGate.

For role-based access in SaaS deployment, you need an Environment ActiveGate installed on an Amazon EC2 host.

To update the AWS IAM policy, use the JSON below, containing the monitoring policy (permissions) for all supporting services.

JSON predefined policy for all supporting services

{



"Version": "2012-10-17",



"Statement": [



{



"Sid": "VisualEditor0",



"Effect": "Allow",



"Action": [



"acm-pca:ListCertificateAuthorities",



"apigateway:GET",



"apprunner:ListServices",



"appstream:DescribeFleets",



"appsync:ListGraphqlApis",



"athena:ListWorkGroups",



"autoscaling:DescribeAutoScalingGroups",



"cloudformation:ListStackResources",



"cloudfront:ListDistributions",



"cloudhsm:DescribeClusters",



"cloudsearch:DescribeDomains",



"cloudwatch:GetMetricData",



"cloudwatch:GetMetricStatistics",



"cloudwatch:ListMetrics",



"codebuild:ListProjects",



"datasync:ListTasks",



"dax:DescribeClusters",



"directconnect:DescribeConnections",



"dms:DescribeReplicationInstances",



"dynamodb:ListTables",



"dynamodb:ListTagsOfResource",



"ec2:DescribeAvailabilityZones",



"ec2:DescribeInstances",



"ec2:DescribeNatGateways",



"ec2:DescribeSpotFleetRequests",



"ec2:DescribeTransitGateways",



"ec2:DescribeVolumes",



"ec2:DescribeVpnConnections",



"ecs:ListClusters",



"eks:ListClusters",



"elasticache:DescribeCacheClusters",



"elasticbeanstalk:DescribeEnvironmentResources",



"elasticbeanstalk:DescribeEnvironments",



"elasticfilesystem:DescribeFileSystems",



"elasticloadbalancing:DescribeInstanceHealth",



"elasticloadbalancing:DescribeListeners",



"elasticloadbalancing:DescribeLoadBalancers",



"elasticloadbalancing:DescribeRules",



"elasticloadbalancing:DescribeTags",



"elasticloadbalancing:DescribeTargetHealth",



"elasticmapreduce:ListClusters",



"elastictranscoder:ListPipelines",



"es:ListDomainNames",



"events:ListEventBuses",



"firehose:ListDeliveryStreams",



"fsx:DescribeFileSystems",



"gamelift:ListFleets",



"glue:GetJobs",



"inspector:ListAssessmentTemplates",



"kafka:ListClusters",



"kinesis:ListStreams",



"kinesisanalytics:ListApplications",



"kinesisvideo:ListStreams",



"lambda:ListFunctions",



"lambda:ListTags",



"lex:GetBots",



"logs:DescribeLogGroups",



"mediaconnect:ListFlows",



"mediaconvert:DescribeEndpoints",



"mediapackage-vod:ListPackagingConfigurations",



"mediapackage:ListChannels",



"mediatailor:ListPlaybackConfigurations",



"opsworks:DescribeStacks",



"qldb:ListLedgers",



"rds:DescribeDBClusters",



"rds:DescribeDBInstances",



"rds:DescribeEvents",



"rds:ListTagsForResource",



"redshift:DescribeClusters",



"robomaker:ListSimulationJobs",



"route53:ListHostedZones",



"route53resolver:ListResolverEndpoints",



"s3:ListAllMyBuckets",



"sagemaker:ListEndpoints",



"sns:ListTopics",



"sqs:ListQueues",



"storagegateway:ListGateways",



"sts:GetCallerIdentity",



"swf:ListDomains",



"tag:GetResources",



"tag:GetTagKeys",



"transfer:ListServers",



"workmail:ListOrganizations",



"workspaces:DescribeWorkspaces"



],



"Resource": "*"



}



]



}

If you don't want to add permissions to all services, and just select permissions for certain services, consult the table below. The table contains a set of permissions that are required for All AWS cloud services and, for each supporting service, a list of optional permissions specific to that service.

Permissions required for AWS monitoring integration:

  • "cloudwatch:GetMetricData"
  • "cloudwatch:GetMetricStatistics"
  • "cloudwatch:ListMetrics"
  • "sts:GetCallerIdentity"
  • "tag:GetResources"
  • "tag:GetTagKeys"
  • "ec2:DescribeAvailabilityZones"

Complete list of permissions for cloud services

Name Permissions
All monitored Amazon services Required cloudwatch:GetMetricData, cloudwatch:GetMetricStatistics, cloudwatch:ListMetrics, sts:GetCallerIdentity, tag:GetResources, tag:GetTagKeys, ec2:DescribeAvailabilityZones
AWS Certificate Manager Private Certificate Authority acm-pca:ListCertificateAuthorities
Amazon MQ
Amazon API Gateway apigateway:GET
AWS App Runner apprunner:ListServices
Amazon AppStream appstream:DescribeFleets
AWS AppSync appsync:ListGraphqlApis
Amazon Athena athena:ListWorkGroups
Amazon Aurora rds:DescribeDBClusters
Amazon EC2 Auto Scaling autoscaling:DescribeAutoScalingGroups
Amazon EC2 Auto Scaling (built-in) autoscaling:DescribeAutoScalingGroups
AWS Billing
Amazon Keyspaces
AWS Chatbot
Amazon CloudFront cloudfront:ListDistributions
AWS CloudHSM cloudhsm:DescribeClusters
Amazon CloudSearch cloudsearch:DescribeDomains
AWS CodeBuild codebuild:ListProjects
Amazon Cognito
Amazon Connect
Amazon Elastic Kubernetes Service (EKS) eks:ListClusters
AWS DataSync datasync:ListTasks
Amazon DynamoDB Accelerator (DAX) dax:DescribeClusters
AWS Database Migration Service (AWS DMS) dms:DescribeReplicationInstances
Amazon DocumentDB rds:DescribeDBClusters
AWS Direct Connect directconnect:DescribeConnections
Amazon DynamoDB dynamodb:ListTables
Amazon DynamoDB (built-in) dynamodb:ListTables, dynamodb:ListTagsOfResource
Amazon EBS ec2:DescribeVolumes
Amazon EBS (built-in) ec2:DescribeVolumes
Amazon EC2 API
Amazon EC2 (built-in) ec2:DescribeInstances
Amazon EC2 Spot Fleet ec2:DescribeSpotFleetRequests
Amazon Elastic Container Service (ECS) ecs:ListClusters
Amazon ECS Container Insights ecs:ListClusters
Amazon ElastiCache (EC) elasticache:DescribeCacheClusters
AWS Elastic Beanstalk elasticbeanstalk:DescribeEnvironments
Amazon Elastic File System (EFS) elasticfilesystem:DescribeFileSystems
Amazon Elastic Inference
Amazon Elastic Map Reduce (EMR) elasticmapreduce:ListClusters
Amazon Elasticsearch Service (ES) es:ListDomainNames
Amazon Elastic Transcoder elastictranscoder:ListPipelines
Amazon Elastic Load Balancer (ELB) (built-in) elasticloadbalancing:DescribeInstanceHealth, elasticloadbalancing:DescribeListeners, elasticloadbalancing:DescribeLoadBalancers, elasticloadbalancing:DescribeRules, elasticloadbalancing:DescribeTags, elasticloadbalancing:DescribeTargetHealth
Amazon EventBridge events:ListEventBuses
Amazon FSx fsx:DescribeFileSystems
Amazon GameLift gamelift:ListFleets
AWS Glue glue:GetJobs
Amazon Inspector inspector:ListAssessmentTemplates
AWS Internet of Things (IoT)
AWS IoT Analytics
Amazon Managed Streaming for Kafka kafka:ListClusters
Amazon Kinesis Data Analytics kinesisanalytics:ListApplications
Amazon Data Firehose firehose:ListDeliveryStreams
Amazon Kinesis Data Streams kinesis:ListStreams
Amazon Kinesis Video Streams kinesisvideo:ListStreams
AWS Lambda lambda:ListFunctions
AWS Lambda (built-in) lambda:ListFunctions, lambda:ListTags
Amazon Lex lex:GetBots
Amazon Application and Network Load Balancer (built-in) elasticloadbalancing:DescribeInstanceHealth, elasticloadbalancing:DescribeListeners, elasticloadbalancing:DescribeLoadBalancers, elasticloadbalancing:DescribeRules, elasticloadbalancing:DescribeTags, elasticloadbalancing:DescribeTargetHealth
Amazon CloudWatch Logs logs:DescribeLogGroups
AWS Elemental MediaConnect mediaconnect:ListFlows
AWS Elemental MediaConvert mediaconvert:DescribeEndpoints
AWS Elemental MediaPackage Live mediapackage:ListChannels
AWS Elemental MediaPackage Video on Demand mediapackage-vod:ListPackagingConfigurations
AWS Elemental MediaTailor mediatailor:ListPlaybackConfigurations
Amazon VPC NAT Gateways ec2:DescribeNatGateways
Amazon Neptune rds:DescribeDBClusters
AWS OpsWorks opsworks:DescribeStacks
Amazon Polly
Amazon QLDB qldb:ListLedgers
Amazon RDS rds:DescribeDBInstances
Amazon RDS (built-in) rds:DescribeDBInstances, rds:DescribeEvents, rds:ListTagsForResource
Amazon Redshift redshift:DescribeClusters
Amazon Rekognition
AWS RoboMaker robomaker:ListSimulationJobs
Amazon Route 53 route53:ListHostedZones
Amazon Route 53 Resolver route53resolver:ListResolverEndpoints
Amazon S3 s3:ListAllMyBuckets
Amazon S3 (built-in) s3:ListAllMyBuckets
Amazon SageMaker Batch Transform Jobs
Amazon SageMaker Endpoint Instances sagemaker:ListEndpoints
Amazon SageMaker Endpoints sagemaker:ListEndpoints
Amazon SageMaker Ground Truth
Amazon SageMaker Processing Jobs
Amazon SageMaker Training Jobs
AWS Service Catalog
Amazon Simple Email Service (SES)
Amazon Simple Notification Service (SNS) sns:ListTopics
Amazon Simple Queue Service (SQS) sqs:ListQueues
AWS Systems Manager - Run Command
AWS Step Functions
AWS Storage Gateway storagegateway:ListGateways
Amazon SWF swf:ListDomains
Amazon Textract
AWS IoT Things Graph
AWS Transfer Family transfer:ListServers
AWS Transit Gateway ec2:DescribeTransitGateways
Amazon Translate
AWS Trusted Advisor
AWS API Usage
AWS Site-to-Site VPN ec2:DescribeVpnConnections
AWS WAF Classic
AWS WAF
Amazon WorkMail workmail:ListOrganizations
Amazon WorkSpaces workspaces:DescribeWorkspaces

Example of JSON policy for one single service.

JSON policy for Amazon API Gateway

{



"Version": "2012-10-17",



"Statement": [



{



"Sid": "VisualEditor0",



"Effect": "Allow",



"Action": [



"apigateway:GET",



"cloudwatch:GetMetricData",



"cloudwatch:GetMetricStatistics",



"cloudwatch:ListMetrics",



"sts:GetCallerIdentity",



"tag:GetResources",



"tag:GetTagKeys",



"ec2:DescribeAvailabilityZones"



],



"Resource": "*"



}



]



}

In this example, from the complete list of permissions you need to select

  • "apigateway:GET" for Amazon API Gateway
  • "cloudwatch:GetMetricData", "cloudwatch:GetMetricStatistics", "cloudwatch:ListMetrics", "sts:GetCallerIdentity", "tag:GetResources", "tag:GetTagKeys", and "ec2:DescribeAvailabilityZones" for All AWS cloud services.

AWS endpoints that need to be reachable from ActiveGate with corresponding AWS services

Endpoint Service
autoscaling.<REGION>.amazonaws.com Amazon EC2 Auto Scaling (built-in), Amazon EC2 Auto Scaling
lambda.<REGION>.amazonaws.com AWS Lambda (built-in), AWS Lambda
elasticloadbalancing.<REGION>.amazonaws.com Amazon Application and Network Load Balancer (built-in), Amazon Elastic Load Balancer (ELB) (built-in)
dynamodb.<REGION>.amazonaws.com Amazon DynamoDB (built-in), Amazon DynamoDB
ec2.<REGION>.amazonaws.com Amazon EBS (built-in), Amazon EC2 (built-in), Amazon EBS, Amazon EC2 Spot Fleet, Amazon VPC NAT Gateways, AWS Transit Gateway, AWS Site-to-Site VPN
rds.<REGION>.amazonaws.com Amazon RDS (built-in), Amazon Aurora, Amazon DocumentDB, Amazon Neptune, Amazon RDS
s3.<REGION>.amazonaws.com Amazon S3 (built-in)
acm-pca.<REGION>.amazonaws.com AWS Certificate Manager Private Certificate Authority
apigateway.<REGION>.amazonaws.com Amazon API Gateway
apprunner.<REGION>.amazonaws.com AWS App Runner
appstream2.<REGION>.amazonaws.com Amazon AppStream
appsync.<REGION>.amazonaws.com AWS AppSync
athena.<REGION>.amazonaws.com Amazon Athena
cloudfront.amazonaws.com Amazon CloudFront
cloudhsmv2.<REGION>.amazonaws.com AWS CloudHSM
cloudsearch.<REGION>.amazonaws.com Amazon CloudSearch
codebuild.<REGION>.amazonaws.com AWS CodeBuild
datasync.<REGION>.amazonaws.com AWS DataSync
dax.<REGION>.amazonaws.com Amazon DynamoDB Accelerator (DAX)
dms.<REGION>.amazonaws.com AWS Database Migration Service (AWS DMS)
directconnect.<REGION>.amazonaws.com AWS Direct Connect
ecs.<REGION>.amazonaws.com Amazon Elastic Container Service (ECS), Amazon ECS Container Insights
elasticfilesystem.<REGION>.amazonaws.com Amazon Elastic File System (EFS)
eks.<REGION>.amazonaws.com Amazon Elastic Kubernetes Service (EKS)
elasticache.<REGION>.amazonaws.com Amazon ElastiCache (EC)
elasticbeanstalk.<REGION>.amazonaws.com AWS Elastic Beanstalk
elastictranscoder.<REGION>.amazonaws.com Amazon Elastic Transcoder
es.<REGION>.amazonaws.com Amazon Elasticsearch Service (ES)
events.<REGION>.amazonaws.com Amazon EventBridge
fsx.<REGION>.amazonaws.com Amazon FSx
gamelift.<REGION>.amazonaws.com Amazon GameLift
glue.<REGION>.amazonaws.com AWS Glue
inspector.<REGION>.amazonaws.com Amazon Inspector
kafka.<REGION>.amazonaws.com Amazon Managed Streaming for Kafka
models.lex.<REGION>.amazonaws.com Amazon Lex
logs.<REGION>.amazonaws.com Amazon CloudWatch Logs
api.mediatailor.<REGION>.amazonaws.com AWS Elemental MediaTailor
mediaconnect.<REGION>.amazonaws.com AWS Elemental MediaConnect
mediapackage.<REGION>.amazonaws.com AWS Elemental MediaPackage Live
mediapackage-vod.<REGION>.amazonaws.com AWS Elemental MediaPackage Video on Demand
opsworks.<REGION>.amazonaws.com AWS OpsWorks
qldb.<REGION>.amazonaws.com Amazon QLDB
redshift.<REGION>.amazonaws.com Amazon Redshift
robomaker.<REGION>.amazonaws.com AWS RoboMaker
route53.amazonaws.com Amazon Route 53
route53resolver.<REGION>.amazonaws.com Amazon Route 53 Resolver
api.sagemaker.<REGION>.amazonaws.com Amazon SageMaker Endpoints, Amazon SageMaker Endpoint Instances
sns.<REGION>.amazonaws.com Amazon Simple Notification Service (SNS)
sqs.<REGION>.amazonaws.com Amazon Simple Queue Service (SQS)
storagegateway.<REGION>.amazonaws.com AWS Storage Gateway
swf.<REGION>.amazonaws.com Amazon SWF
transfer.<REGION>.amazonaws.com AWS Transfer Family
workmail.<REGION>.amazonaws.com Amazon WorkMail
workspaces.<REGION>.amazonaws.com Amazon WorkSpaces

Enable monitoring

To learn how to enable service monitoring, see Enable service monitoring.

View service metrics

You can view the service metrics in your Dynatrace environment either on the custom device overview page or on your Dashboards page.

View metrics on the custom device overview page

To access the custom device overview page

  1. Go to Technologies Technologies & Processes Classic.
  2. Filter by service name and select the relevant custom device group.
  3. Once you select the custom device group, you're on the custom device group overview page.
  4. The custom device group overview page lists all instances (custom devices) belonging to the group. Select an instance to view the custom device overview page.

View metrics on your dashboard

After you add the service to monitoring, a preset dashboard containing all recommended metrics is automatically listed on your Dashboards page. To look for specific dashboards, filter by Preset and then by Name.

AWS presets

For existing monitored services, you might need to resave your credentials for the preset dashboard to appear on the Dashboards page. To resave your credentials, go to Settings > Cloud and virtualization > AWS, select the desired AWS instance, and then select Save.

You can't make changes on a preset dashboard directly, but you can clone and edit it. To clone a dashboard, open the browse menu (…) and select Clone.

To remove a dashboard from the dashboards page, you can hide it. To hide a dashboard, open the browse menu (…) and select Hide.

Hiding a dashboard doesn't affect other users.

Clone hide AWS

To check the availability of preset dashboards for each AWS service, see the list below.

Preset dashboard availability list

AWS service Preset dashboard
Amazon EC2 Auto Scaling (built-in) Not applicable
AWS Lambda (built-in) Not applicable
Amazon Application and Network Load Balancer (built-in) Not applicable
Amazon DynamoDB (built-in) Not applicable
Amazon EBS (built-in) Not applicable
Amazon EC2 (built-in) Not applicable
Amazon Elastic Load Balancer (ELB) (built-in) Not applicable
Amazon RDS (built-in) Not applicable
Amazon S3 (built-in) Not applicable
AWS Certificate Manager Private Certificate Authority Not applicable
All monitored Amazon services Not applicable
Amazon API Gateway Not applicable
AWS App Runner Not applicable
Amazon AppStream Applicable
AWS AppSync Applicable
Amazon Athena Applicable
Amazon Aurora Not applicable
Amazon EC2 Auto Scaling Applicable
AWS Billing Applicable
Amazon Keyspaces Applicable
AWS Chatbot Applicable
Amazon CloudFront Not applicable
AWS CloudHSM Applicable
Amazon CloudSearch Applicable
AWS CodeBuild Applicable
Amazon Cognito Not applicable
Amazon Connect Applicable
AWS DataSync Applicable
Amazon DynamoDB Accelerator (DAX) Applicable
AWS Database Migration Service (AWS DMS) Applicable
Amazon DocumentDB Applicable
AWS Direct Connect Applicable
Amazon DynamoDB Not applicable
Amazon EBS Not applicable
Amazon EC2 Spot Fleet Not applicable
Amazon EC2 API Applicable
Amazon Elastic Container Service (ECS) Not applicable
Amazon ECS Container Insights Applicable
Amazon Elastic File System (EFS) Not applicable
Amazon Elastic Kubernetes Service (EKS) Applicable
Amazon ElastiCache (EC) Not applicable
AWS Elastic Beanstalk Applicable
Amazon Elastic Inference Applicable
Amazon Elastic Transcoder Applicable
Amazon Elastic Map Reduce (EMR) Not applicable
Amazon Elasticsearch Service (ES) Not applicable
Amazon EventBridge Applicable
Amazon FSx Applicable
Amazon GameLift Applicable
AWS Glue Not applicable
Amazon Inspector Applicable
AWS Internet of Things (IoT) Not applicable
AWS IoT Things Graph Applicable
AWS IoT Analytics Applicable
Amazon Managed Streaming for Kafka Applicable
Amazon Kinesis Data Analytics Not applicable
Amazon Data Firehose Not applicable
Amazon Kinesis Data Streams Not applicable
Amazon Kinesis Video Streams Not applicable
AWS Lambda Not applicable
Amazon Lex Applicable
Amazon CloudWatch Logs Applicable
AWS Elemental MediaTailor Applicable
AWS Elemental MediaConnect Applicable
AWS Elemental MediaConvert Applicable
AWS Elemental MediaPackage Live Applicable
AWS Elemental MediaPackage Video on Demand Applicable
Amazon MQ Applicable
Amazon VPC NAT Gateways Not applicable
Amazon Neptune Applicable
AWS OpsWorks Applicable
Amazon Polly Applicable
Amazon QLDB Applicable
Amazon RDS Not applicable
Amazon Redshift Not applicable
Amazon Rekognition Applicable
AWS RoboMaker Applicable
Amazon Route 53 Applicable
Amazon Route 53 Resolver Applicable
Amazon S3 Not applicable
Amazon SageMaker Batch Transform Jobs Not applicable
Amazon SageMaker Endpoints Not applicable
Amazon SageMaker Endpoint Instances Not applicable
Amazon SageMaker Ground Truth Not applicable
Amazon SageMaker Processing Jobs Not applicable
Amazon SageMaker Training Jobs Not applicable
AWS Service Catalog Applicable
Amazon Simple Email Service (SES) Not applicable
Amazon Simple Notification Service (SNS) Not applicable
Amazon Simple Queue Service (SQS) Not applicable
AWS Systems Manager - Run Command Applicable
AWS Step Functions Applicable
AWS Storage Gateway Applicable
Amazon SWF Applicable
Amazon Textract Applicable
AWS Transfer Family Applicable
AWS Transit Gateway Applicable
Amazon Translate Applicable
AWS Trusted Advisor Applicable
AWS API Usage Applicable
AWS Site-to-Site VPN Applicable
AWS WAF Classic Applicable
AWS WAF Applicable
Amazon WorkMail Applicable
Amazon WorkSpaces Applicable

Neptune

Available metrics

DBClusterIdentifier is the main dimension.

Name Description Unit Statistics Dimensions Recommended
BackupRetentionPeriodStorageUsed The total amount of backup storage, in bytes, used to support from the Neptune DB cluster's backup retention window Bytes Multi DBClusterIdentifier
BackupRetentionPeriodStorageUsed Bytes Multi Region, EngineName
CPUUtilization The percentage of CPU utilization Percent Multi DBClusterIdentifier Applicable
CPUUtilization Percent Multi DBClusterIdentifier Applicable
CPUUtilization Percent Multi Region Applicable
CPUUtilization Percent Multi Region, DBInstanceIdentifier Applicable
CPUUtilization Percent Multi Region, DatabaseClass Applicable
CPUUtilization Percent Multi Region, EngineName Applicable
ClusterReplicaLag For a read replica, the amount of lag when replicating updates from the primary instance, in milliseconds Milliseconds Multi DBClusterIdentifier Applicable
ClusterReplicaLag Milliseconds Multi DBClusterIdentifier, Role Applicable
ClusterReplicaLag Milliseconds Multi Region Applicable
ClusterReplicaLag Milliseconds Multi Region, DBInstanceIdentifier Applicable
ClusterReplicaLag Milliseconds Multi Region, DatabaseClass Applicable
ClusterReplicaLag Milliseconds Multi Region, EngineName Applicable
ClusterReplicaLagMaximum The maximum amount of lag between the primary instance and each Neptune DB instance in the DB cluster, in milliseconds Milliseconds Multi DBClusterIdentifier
ClusterReplicaLagMaximum Milliseconds Multi DBClusterIdentifier, Role
ClusterReplicaLagMaximum Milliseconds Multi Region
ClusterReplicaLagMaximum Milliseconds Multi Region, DBInstanceIdentifier
ClusterReplicaLagMaximum Milliseconds Multi Region, DatabaseClass
ClusterReplicaLagMaximum Milliseconds Multi Region, EngineName
ClusterReplicaLagMinimum The minimum amount of lag between the primary instance and each Neptune DB instance in the DB cluster, in milliseconds Milliseconds Multi DBClusterIdentifier
ClusterReplicaLagMinimum Milliseconds Multi DBClusterIdentifier, Role
ClusterReplicaLagMinimum Milliseconds Multi Region
ClusterReplicaLagMinimum Milliseconds Multi Region, DBInstanceIdentifier
ClusterReplicaLagMinimum Milliseconds Multi Region, DatabaseClass
ClusterReplicaLagMinimum Milliseconds Multi Region, EngineName
EngineUptime The amount of time that the instance has been running, in seconds Seconds Multi DBClusterIdentifier Applicable
EngineUptime Seconds Multi DBClusterIdentifier, Role Applicable
EngineUptime Seconds Multi Region Applicable
EngineUptime Seconds Multi Region, DBInstanceIdentifier Applicable
EngineUptime Seconds Multi Region, DatabaseClass Applicable
EngineUptime Seconds Multi Region, EngineName Applicable
FreeableMemory The amount of available RAM, in bytes Bytes Multi DBClusterIdentifier Applicable
FreeableMemory Bytes Multi DBClusterIdentifier, Role Applicable
FreeableMemory Bytes Multi Region Applicable
FreeableMemory Bytes Multi Region, DBInstanceIdentifier Applicable
FreeableMemory Bytes Multi Region, DatabaseClass Applicable
FreeableMemory Bytes Multi Region, EngineName Applicable
GremlinRequestsPerSec Number of requests per second to the Gremlin engine Count/Second Multi DBClusterIdentifier Applicable
GremlinRequestsPerSec Count/Second Multi DBClusterIdentifier, Role Applicable
GremlinRequestsPerSec Count/Second Multi Region Applicable
GremlinRequestsPerSec Count/Second Multi Region, DBInstanceIdentifier Applicable
GremlinRequestsPerSec Count/Second Multi Region, DatabaseClass Applicable
GremlinRequestsPerSec Count/Second Multi Region, EngineName Applicable
GremlinWebSocketOpenConnections The number of open WebSocket connections to Neptune Count/Second Multi DBClusterIdentifier
GremlinWebSocketOpenConnections Count/Second Multi DBClusterIdentifier, Role
GremlinWebSocketOpenConnections Count/Second Multi Region
GremlinWebSocketOpenConnections Count/Second Multi Region, DBInstanceIdentifier
GremlinWebSocketOpenConnections Count/Second Multi Region, DatabaseClass
GremlinWebSocketOpenConnections Count/Second Multi Region, EngineName
LoaderRequestsPerSec Number of loader requests per second Count/Second Multi DBClusterIdentifier
LoaderRequestsPerSec Count/Second Multi DBClusterIdentifier, Role
LoaderRequestsPerSec Count/Second Multi Region
LoaderRequestsPerSec Count/Second Multi Region, DBInstanceIdentifier
LoaderRequestsPerSec Count/Second Multi Region, DatabaseClass
LoaderRequestsPerSec Count/Second Multi Region, EngineName
MainRequestQueuePendingRequests The number of requests waiting in the input queue pending execution. Neptune starts throttling requests when they exceed the maximum queue capacity Count/Second Multi DBClusterIdentifier Applicable
MainRequestQueuePendingRequests Count/Second Multi DBClusterIdentifier, Role Applicable
MainRequestQueuePendingRequests Count/Second Multi Region Applicable
MainRequestQueuePendingRequests Count/Second Multi Region, DBInstanceIdentifier Applicable
MainRequestQueuePendingRequests Count/Second Multi Region, DatabaseClass Applicable
MainRequestQueuePendingRequests Count/Second Multi Region, EngineName Applicable
NetworkReceiveThroughput The incoming (receive) network traffic on the DB instance, including both customer database traffic and Neptune traffic used for monitoring and replication, in bytes/second Bytes/Second Multi DBClusterIdentifier
NetworkReceiveThroughput Bytes/Second Multi DBClusterIdentifier, Role
NetworkReceiveThroughput Bytes/Second Multi Region
NetworkReceiveThroughput Bytes/Second Multi Region, DBInstanceIdentifier
NetworkReceiveThroughput Bytes/Second Multi Region, DatabaseClass
NetworkReceiveThroughput Bytes/Second Multi Region, EngineName
NetworkThroughput The amount of network throughput both received from and transmitted to clients by each instance in the Neptune DB cluster, in bytes per second. This throughput doesn't include network traffic between instances in the DB cluster and the cluster volume. Bytes/Second Multi DBClusterIdentifier Applicable
NetworkThroughput Bytes/Second Multi DBClusterIdentifier, Role Applicable
NetworkThroughput Bytes/Second Multi Region Applicable
NetworkThroughput Bytes/Second Multi Region, DBInstanceIdentifier Applicable
NetworkThroughput Bytes/Second Multi Region, DatabaseClass Applicable
NetworkThroughput Bytes/Second Multi Region, EngineName Applicable
NetworkTransmitThroughput The outgoing (transmit) network traffic on the DB instance, including both customer database traffic and Neptune traffic used for monitoring and replication, in bytes/second Bytes/Second Multi DBClusterIdentifier
NetworkTransmitThroughput Bytes/Second Multi DBClusterIdentifier, Role
NetworkTransmitThroughput Bytes/Second Multi Region
NetworkTransmitThroughput Bytes/Second Multi Region, DBInstanceIdentifier
NetworkTransmitThroughput Bytes/Second Multi Region, DatabaseClass
NetworkTransmitThroughput Bytes/Second Multi Region, EngineName
NumTxCommitted The number of transactions successfully committed per second Count/Second Multi DBClusterIdentifier
NumTxCommitted Count/Second Multi DBClusterIdentifier, Role
NumTxCommitted Count/Second Multi Region
NumTxCommitted Count/Second Multi Region, DBInstanceIdentifier
NumTxCommitted Count/Second Multi Region, DatabaseClass
NumTxCommitted Count/Second Multi Region, EngineName
NumTxOpened The number of transactions opened on the server per second Count/Second Multi DBClusterIdentifier
NumTxOpened Count/Second Multi DBClusterIdentifier, Role
NumTxOpened Count/Second Multi Region
NumTxOpened Count/Second Multi Region, DBInstanceIdentifier
NumTxOpened Count/Second Multi Region, DatabaseClass
NumTxOpened Count/Second Multi Region, EngineName
NumTxRolledBack The number of transactions per second rolled back on the server because of errors Count/Second Multi DBClusterIdentifier
NumTxRolledBack Count/Second Multi DBClusterIdentifier, Role
NumTxRolledBack Count/Second Multi Region
NumTxRolledBack Count/Second Multi Region, DBInstanceIdentifier
NumTxRolledBack Count/Second Multi Region, DatabaseClass
NumTxRolledBack Count/Second Multi Region, EngineName
SnapshotStorageUsed The total amount of backup storage consumed by all snapshots for a Neptune DB cluster outside its backup retention window, in bytes Bytes Multi DBClusterIdentifier
SnapshotStorageUsed Bytes Multi Region, EngineName
SparqlRequestsPerSec The number of requests per second to the SPARQL engine Count/Second Multi DBClusterIdentifier Applicable
SparqlRequestsPerSec Count/Second Multi DBClusterIdentifier, Role Applicable
SparqlRequestsPerSec Count/Second Multi Region Applicable
SparqlRequestsPerSec Count/Second Multi Region, DBInstanceIdentifier Applicable
SparqlRequestsPerSec Count/Second Multi Region, DatabaseClass Applicable
SparqlRequestsPerSec Count/Second Multi Region, EngineName Applicable
TotalBackupStorageBilled The total amount of backup storage for which you are billed for a given Neptune DB cluster, in bytes Bytes Multi DBClusterIdentifier
TotalBackupStorageBilled Bytes Multi Region, EngineName
TotalClientErrorsPerSec The total number per second of requests that errored out because of client-side issues Count/Second Multi DBClusterIdentifier Applicable
TotalClientErrorsPerSec Count/Second Multi DBClusterIdentifier, Role Applicable
TotalClientErrorsPerSec Count/Second Multi Region Applicable
TotalClientErrorsPerSec Count/Second Multi Region, DBInstanceIdentifier Applicable
TotalClientErrorsPerSec Count/Second Multi Region, DatabaseClass Applicable
TotalClientErrorsPerSec Count/Second Multi Region, EngineName Applicable
TotalRequestsPerSec The total number of requests per second to the server from all sources Count/Second Multi DBClusterIdentifier Applicable
TotalRequestsPerSec Count/Second Multi DBClusterIdentifier, Role Applicable
TotalRequestsPerSec Count/Second Multi Region Applicable
TotalRequestsPerSec Count/Second Multi Region, DBInstanceIdentifier Applicable
TotalRequestsPerSec Count/Second Multi Region, DatabaseClass Applicable
TotalRequestsPerSec Count/Second Multi Region, EngineName Applicable
TotalServerErrorsPerSec The total number per second of requests that errored out on the server because of internal failures Count/Second Multi DBClusterIdentifier Applicable
TotalServerErrorsPerSec Count/Second Multi DBClusterIdentifier, Role Applicable
TotalServerErrorsPerSec Count/Second Multi Region Applicable
TotalServerErrorsPerSec Count/Second Multi Region, DBInstanceIdentifier Applicable
TotalServerErrorsPerSec Count/Second Multi Region, DatabaseClass Applicable
TotalServerErrorsPerSec Count/Second Multi Region, EngineName Applicable
VolumeBytesUsed The total amount of storage allocated to your Neptune DB cluster, in bytes. This is the amount of storage for which you are billed. It is the maximum amount of storage allocated to your DB cluster at any point in its existence, not the amount you are currently using. Bytes Multi DBClusterIdentifier Applicable
VolumeBytesUsed The amount of storage used by your Neptune DB instance, in bytes. Bytes Multi Region, EngineName Applicable
VolumeBytesLeftTotal The remaining available space for the cluster volume, as measured in bytes Bytes Multi DBClusterIdentifier Applicable
VolumeBytesLeftTotal Bytes Multi Region Applicable
VolumeBytesLeftTotal Bytes Multi Region, EngineName Applicable
VolumeReadIOPs The average number of billed read I/O operations from a cluster volume, reported at 5-minute intervals. Bytes Multi DBClusterIdentifier Applicable
VolumeReadIOPs Bytes Multi Region, EngineName Applicable
VolumeWriteIOPs The average number of write disk I/O operations to the cluster volume, reported at 5-minute intervals Bytes Multi DBClusterIdentifier Applicable
VolumeWriteIOPs Bytes Multi Region, EngineName Applicable

Source: aws-service-opsworks.md


title: AWS OpsWorks monitoring source: https://www.dynatrace.com/docs/ingest-from/amazon-web-services/integrate-with-aws/aws-all-services/aws-service-opsworks scraped: 2026-02-16T09:34:40.144616


AWS OpsWorks monitoring

AWS OpsWorks monitoring

  • How-to guide
  • 4-min read
  • Published Sep 08, 2020

Dynatrace ingests metrics for multiple preselected namespaces, including AWS OpsWorks. You can view metrics for each service instance, split metrics into multiple dimensions, and create custom charts that you can pin to your dashboards.

Prerequisites

To enable monitoring for this service, you need

  • ActiveGate version 1.197+

  • For Dynatrace SaaS deployments, you need an Environment ActiveGate or a Multi-environment ActiveGate.

For role-based access in a SaaS deployment, you need an Environment ActiveGate installed on an Amazon EC2 host.

To update the AWS IAM policy, use the JSON below, containing the monitoring policy (permissions) for all supporting services.

JSON predefined policy for all supporting services

{



"Version": "2012-10-17",



"Statement": [



{



"Sid": "VisualEditor0",



"Effect": "Allow",



"Action": [



"acm-pca:ListCertificateAuthorities",



"apigateway:GET",



"apprunner:ListServices",



"appstream:DescribeFleets",



"appsync:ListGraphqlApis",



"athena:ListWorkGroups",



"autoscaling:DescribeAutoScalingGroups",



"cloudformation:ListStackResources",



"cloudfront:ListDistributions",



"cloudhsm:DescribeClusters",



"cloudsearch:DescribeDomains",



"cloudwatch:GetMetricData",



"cloudwatch:GetMetricStatistics",



"cloudwatch:ListMetrics",



"codebuild:ListProjects",



"datasync:ListTasks",



"dax:DescribeClusters",



"directconnect:DescribeConnections",



"dms:DescribeReplicationInstances",



"dynamodb:ListTables",



"dynamodb:ListTagsOfResource",



"ec2:DescribeAvailabilityZones",



"ec2:DescribeInstances",



"ec2:DescribeNatGateways",



"ec2:DescribeSpotFleetRequests",



"ec2:DescribeTransitGateways",



"ec2:DescribeVolumes",



"ec2:DescribeVpnConnections",



"ecs:ListClusters",



"eks:ListClusters",



"elasticache:DescribeCacheClusters",



"elasticbeanstalk:DescribeEnvironmentResources",



"elasticbeanstalk:DescribeEnvironments",



"elasticfilesystem:DescribeFileSystems",



"elasticloadbalancing:DescribeInstanceHealth",



"elasticloadbalancing:DescribeListeners",



"elasticloadbalancing:DescribeLoadBalancers",



"elasticloadbalancing:DescribeRules",



"elasticloadbalancing:DescribeTags",



"elasticloadbalancing:DescribeTargetHealth",



"elasticmapreduce:ListClusters",



"elastictranscoder:ListPipelines",



"es:ListDomainNames",



"events:ListEventBuses",



"firehose:ListDeliveryStreams",



"fsx:DescribeFileSystems",



"gamelift:ListFleets",



"glue:GetJobs",



"inspector:ListAssessmentTemplates",



"kafka:ListClusters",



"kinesis:ListStreams",



"kinesisanalytics:ListApplications",



"kinesisvideo:ListStreams",



"lambda:ListFunctions",



"lambda:ListTags",



"lex:GetBots",



"logs:DescribeLogGroups",



"mediaconnect:ListFlows",



"mediaconvert:DescribeEndpoints",



"mediapackage-vod:ListPackagingConfigurations",



"mediapackage:ListChannels",



"mediatailor:ListPlaybackConfigurations",



"opsworks:DescribeStacks",



"qldb:ListLedgers",



"rds:DescribeDBClusters",



"rds:DescribeDBInstances",



"rds:DescribeEvents",



"rds:ListTagsForResource",



"redshift:DescribeClusters",



"robomaker:ListSimulationJobs",



"route53:ListHostedZones",



"route53resolver:ListResolverEndpoints",



"s3:ListAllMyBuckets",



"sagemaker:ListEndpoints",



"sns:ListTopics",



"sqs:ListQueues",



"storagegateway:ListGateways",



"sts:GetCallerIdentity",



"swf:ListDomains",



"tag:GetResources",



"tag:GetTagKeys",



"transfer:ListServers",



"workmail:ListOrganizations",



"workspaces:DescribeWorkspaces"



],



"Resource": "*"



}



]



}

If you don't want to add permissions to all services, and just select permissions for certain services, consult the table below. The table contains a set of permissions that are required for All AWS cloud services and, for each supporting service, a list of optional permissions specific to that service.

Permissions required for AWS monitoring integration:

  • "cloudwatch:GetMetricData"
  • "cloudwatch:GetMetricStatistics"
  • "cloudwatch:ListMetrics"
  • "sts:GetCallerIdentity"
  • "tag:GetResources"
  • "tag:GetTagKeys"
  • "ec2:DescribeAvailabilityZones"

Complete list of permissions for cloud services

Name Permissions
All monitored Amazon services Required cloudwatch:GetMetricData, cloudwatch:GetMetricStatistics, cloudwatch:ListMetrics, sts:GetCallerIdentity, tag:GetResources, tag:GetTagKeys, ec2:DescribeAvailabilityZones
AWS Certificate Manager Private Certificate Authority acm-pca:ListCertificateAuthorities
Amazon MQ
Amazon API Gateway apigateway:GET
AWS App Runner apprunner:ListServices
Amazon AppStream appstream:DescribeFleets
AWS AppSync appsync:ListGraphqlApis
Amazon Athena athena:ListWorkGroups
Amazon Aurora rds:DescribeDBClusters
Amazon EC2 Auto Scaling autoscaling:DescribeAutoScalingGroups
Amazon EC2 Auto Scaling (built-in) autoscaling:DescribeAutoScalingGroups
AWS Billing
Amazon Keyspaces
AWS Chatbot
Amazon CloudFront cloudfront:ListDistributions
AWS CloudHSM cloudhsm:DescribeClusters
Amazon CloudSearch cloudsearch:DescribeDomains
AWS CodeBuild codebuild:ListProjects
Amazon Cognito
Amazon Connect
Amazon Elastic Kubernetes Service (EKS) eks:ListClusters
AWS DataSync datasync:ListTasks
Amazon DynamoDB Accelerator (DAX) dax:DescribeClusters
AWS Database Migration Service (AWS DMS) dms:DescribeReplicationInstances
Amazon DocumentDB rds:DescribeDBClusters
AWS Direct Connect directconnect:DescribeConnections
Amazon DynamoDB dynamodb:ListTables
Amazon DynamoDB (built-in) dynamodb:ListTables, dynamodb:ListTagsOfResource
Amazon EBS ec2:DescribeVolumes
Amazon EBS (built-in) ec2:DescribeVolumes
Amazon EC2 API
Amazon EC2 (built-in) ec2:DescribeInstances
Amazon EC2 Spot Fleet ec2:DescribeSpotFleetRequests
Amazon Elastic Container Service (ECS) ecs:ListClusters
Amazon ECS Container Insights ecs:ListClusters
Amazon ElastiCache (EC) elasticache:DescribeCacheClusters
AWS Elastic Beanstalk elasticbeanstalk:DescribeEnvironments
Amazon Elastic File System (EFS) elasticfilesystem:DescribeFileSystems
Amazon Elastic Inference
Amazon Elastic Map Reduce (EMR) elasticmapreduce:ListClusters
Amazon Elasticsearch Service (ES) es:ListDomainNames
Amazon Elastic Transcoder elastictranscoder:ListPipelines
Amazon Elastic Load Balancer (ELB) (built-in) elasticloadbalancing:DescribeInstanceHealth, elasticloadbalancing:DescribeListeners, elasticloadbalancing:DescribeLoadBalancers, elasticloadbalancing:DescribeRules, elasticloadbalancing:DescribeTags, elasticloadbalancing:DescribeTargetHealth
Amazon EventBridge events:ListEventBuses
Amazon FSx fsx:DescribeFileSystems
Amazon GameLift gamelift:ListFleets
AWS Glue glue:GetJobs
Amazon Inspector inspector:ListAssessmentTemplates
AWS Internet of Things (IoT)
AWS IoT Analytics
Amazon Managed Streaming for Kafka kafka:ListClusters
Amazon Kinesis Data Analytics kinesisanalytics:ListApplications
Amazon Data Firehose firehose:ListDeliveryStreams
Amazon Kinesis Data Streams kinesis:ListStreams
Amazon Kinesis Video Streams kinesisvideo:ListStreams
AWS Lambda lambda:ListFunctions
AWS Lambda (built-in) lambda:ListFunctions, lambda:ListTags
Amazon Lex lex:GetBots
Amazon Application and Network Load Balancer (built-in) elasticloadbalancing:DescribeInstanceHealth, elasticloadbalancing:DescribeListeners, elasticloadbalancing:DescribeLoadBalancers, elasticloadbalancing:DescribeRules, elasticloadbalancing:DescribeTags, elasticloadbalancing:DescribeTargetHealth
Amazon CloudWatch Logs logs:DescribeLogGroups
AWS Elemental MediaConnect mediaconnect:ListFlows
AWS Elemental MediaConvert mediaconvert:DescribeEndpoints
AWS Elemental MediaPackage Live mediapackage:ListChannels
AWS Elemental MediaPackage Video on Demand mediapackage-vod:ListPackagingConfigurations
AWS Elemental MediaTailor mediatailor:ListPlaybackConfigurations
Amazon VPC NAT Gateways ec2:DescribeNatGateways
Amazon Neptune rds:DescribeDBClusters
AWS OpsWorks opsworks:DescribeStacks
Amazon Polly
Amazon QLDB qldb:ListLedgers
Amazon RDS rds:DescribeDBInstances
Amazon RDS (built-in) rds:DescribeDBInstances, rds:DescribeEvents, rds:ListTagsForResource
Amazon Redshift redshift:DescribeClusters
Amazon Rekognition
AWS RoboMaker robomaker:ListSimulationJobs
Amazon Route 53 route53:ListHostedZones
Amazon Route 53 Resolver route53resolver:ListResolverEndpoints
Amazon S3 s3:ListAllMyBuckets
Amazon S3 (built-in) s3:ListAllMyBuckets
Amazon SageMaker Batch Transform Jobs
Amazon SageMaker Endpoint Instances sagemaker:ListEndpoints
Amazon SageMaker Endpoints sagemaker:ListEndpoints
Amazon SageMaker Ground Truth
Amazon SageMaker Processing Jobs
Amazon SageMaker Training Jobs
AWS Service Catalog
Amazon Simple Email Service (SES)
Amazon Simple Notification Service (SNS) sns:ListTopics
Amazon Simple Queue Service (SQS) sqs:ListQueues
AWS Systems Manager - Run Command
AWS Step Functions
AWS Storage Gateway storagegateway:ListGateways
Amazon SWF swf:ListDomains
Amazon Textract
AWS IoT Things Graph
AWS Transfer Family transfer:ListServers
AWS Transit Gateway ec2:DescribeTransitGateways
Amazon Translate
AWS Trusted Advisor
AWS API Usage
AWS Site-to-Site VPN ec2:DescribeVpnConnections
AWS WAF Classic
AWS WAF
Amazon WorkMail workmail:ListOrganizations
Amazon WorkSpaces workspaces:DescribeWorkspaces

Example of JSON policy for one single service.

JSON policy for Amazon API Gateway

{



"Version": "2012-10-17",



"Statement": [



{



"Sid": "VisualEditor0",



"Effect": "Allow",



"Action": [



"apigateway:GET",



"cloudwatch:GetMetricData",



"cloudwatch:GetMetricStatistics",



"cloudwatch:ListMetrics",



"sts:GetCallerIdentity",



"tag:GetResources",



"tag:GetTagKeys",



"ec2:DescribeAvailabilityZones"



],



"Resource": "*"



}



]



}

In this example, from the complete list of permissions you need to select

  • "apigateway:GET" for Amazon API Gateway
  • "cloudwatch:GetMetricData", "cloudwatch:GetMetricStatistics", "cloudwatch:ListMetrics", "sts:GetCallerIdentity", "tag:GetResources", "tag:GetTagKeys", and "ec2:DescribeAvailabilityZones" for All AWS cloud services.

AWS endpoints that need to be reachable from ActiveGate with corresponding AWS services

Endpoint Service
autoscaling.<REGION>.amazonaws.com Amazon EC2 Auto Scaling (built-in), Amazon EC2 Auto Scaling
lambda.<REGION>.amazonaws.com AWS Lambda (built-in), AWS Lambda
elasticloadbalancing.<REGION>.amazonaws.com Amazon Application and Network Load Balancer (built-in), Amazon Elastic Load Balancer (ELB) (built-in)
dynamodb.<REGION>.amazonaws.com Amazon DynamoDB (built-in), Amazon DynamoDB
ec2.<REGION>.amazonaws.com Amazon EBS (built-in), Amazon EC2 (built-in), Amazon EBS, Amazon EC2 Spot Fleet, Amazon VPC NAT Gateways, AWS Transit Gateway, AWS Site-to-Site VPN
rds.<REGION>.amazonaws.com Amazon RDS (built-in), Amazon Aurora, Amazon DocumentDB, Amazon Neptune, Amazon RDS
s3.<REGION>.amazonaws.com Amazon S3 (built-in)
acm-pca.<REGION>.amazonaws.com AWS Certificate Manager Private Certificate Authority
apigateway.<REGION>.amazonaws.com Amazon API Gateway
apprunner.<REGION>.amazonaws.com AWS App Runner
appstream2.<REGION>.amazonaws.com Amazon AppStream
appsync.<REGION>.amazonaws.com AWS AppSync
athena.<REGION>.amazonaws.com Amazon Athena
cloudfront.amazonaws.com Amazon CloudFront
cloudhsmv2.<REGION>.amazonaws.com AWS CloudHSM
cloudsearch.<REGION>.amazonaws.com Amazon CloudSearch
codebuild.<REGION>.amazonaws.com AWS CodeBuild
datasync.<REGION>.amazonaws.com AWS DataSync
dax.<REGION>.amazonaws.com Amazon DynamoDB Accelerator (DAX)
dms.<REGION>.amazonaws.com AWS Database Migration Service (AWS DMS)
directconnect.<REGION>.amazonaws.com AWS Direct Connect
ecs.<REGION>.amazonaws.com Amazon Elastic Container Service (ECS), Amazon ECS Container Insights
elasticfilesystem.<REGION>.amazonaws.com Amazon Elastic File System (EFS)
eks.<REGION>.amazonaws.com Amazon Elastic Kubernetes Service (EKS)
elasticache.<REGION>.amazonaws.com Amazon ElastiCache (EC)
elasticbeanstalk.<REGION>.amazonaws.com AWS Elastic Beanstalk
elastictranscoder.<REGION>.amazonaws.com Amazon Elastic Transcoder
es.<REGION>.amazonaws.com Amazon Elasticsearch Service (ES)
events.<REGION>.amazonaws.com Amazon EventBridge
fsx.<REGION>.amazonaws.com Amazon FSx
gamelift.<REGION>.amazonaws.com Amazon GameLift
glue.<REGION>.amazonaws.com AWS Glue
inspector.<REGION>.amazonaws.com Amazon Inspector
kafka.<REGION>.amazonaws.com Amazon Managed Streaming for Kafka
models.lex.<REGION>.amazonaws.com Amazon Lex
logs.<REGION>.amazonaws.com Amazon CloudWatch Logs
api.mediatailor.<REGION>.amazonaws.com AWS Elemental MediaTailor
mediaconnect.<REGION>.amazonaws.com AWS Elemental MediaConnect
mediapackage.<REGION>.amazonaws.com AWS Elemental MediaPackage Live
mediapackage-vod.<REGION>.amazonaws.com AWS Elemental MediaPackage Video on Demand
opsworks.<REGION>.amazonaws.com AWS OpsWorks
qldb.<REGION>.amazonaws.com Amazon QLDB
redshift.<REGION>.amazonaws.com Amazon Redshift
robomaker.<REGION>.amazonaws.com AWS RoboMaker
route53.amazonaws.com Amazon Route 53
route53resolver.<REGION>.amazonaws.com Amazon Route 53 Resolver
api.sagemaker.<REGION>.amazonaws.com Amazon SageMaker Endpoints, Amazon SageMaker Endpoint Instances
sns.<REGION>.amazonaws.com Amazon Simple Notification Service (SNS)
sqs.<REGION>.amazonaws.com Amazon Simple Queue Service (SQS)
storagegateway.<REGION>.amazonaws.com AWS Storage Gateway
swf.<REGION>.amazonaws.com Amazon SWF
transfer.<REGION>.amazonaws.com AWS Transfer Family
workmail.<REGION>.amazonaws.com Amazon WorkMail
workspaces.<REGION>.amazonaws.com Amazon WorkSpaces

Enable monitoring

To learn how to enable service monitoring, see Enable service monitoring.

View service metrics

You can view the service metrics in your Dynatrace environment either on the custom device overview page or on your Dashboards page.

View metrics on the custom device overview page

To access the custom device overview page

  1. Go to Technologies Technologies & Processes Classic.
  2. Filter by service name and select the relevant custom device group.
  3. Once you select the custom device group, you're on the custom device group overview page.
  4. The custom device group overview page lists all instances (custom devices) belonging to the group. Select an instance to view the custom device overview page.

View metrics on your dashboard

After you add the service to monitoring, a preset dashboard containing all recommended metrics is automatically listed on your Dashboards page. To look for specific dashboards, filter by Preset and then by Name.

AWS presets

For existing monitored services, you might need to resave your credentials for the preset dashboard to appear on the Dashboards page. To resave your credentials, go to Settings > Cloud and virtualization > AWS, select the desired AWS instance, and then select Save.

You can't make changes on a preset dashboard directly, but you can clone and edit it. To clone a dashboard, open the browse menu (…) and select Clone.

To remove a dashboard from the dashboards page, you can hide it. To hide a dashboard, open the browse menu (…) and select Hide.

Hiding a dashboard doesn't affect other users.

Clone hide AWS

To check the availability of preset dashboards for each AWS service, see the list below.

Preset dashboard availability list

AWS service Preset dashboard
Amazon EC2 Auto Scaling (built-in) Not applicable
AWS Lambda (built-in) Not applicable
Amazon Application and Network Load Balancer (built-in) Not applicable
Amazon DynamoDB (built-in) Not applicable
Amazon EBS (built-in) Not applicable
Amazon EC2 (built-in) Not applicable
Amazon Elastic Load Balancer (ELB) (built-in) Not applicable
Amazon RDS (built-in) Not applicable
Amazon S3 (built-in) Not applicable
AWS Certificate Manager Private Certificate Authority Not applicable
All monitored Amazon services Not applicable
Amazon API Gateway Not applicable
AWS App Runner Not applicable
Amazon AppStream Applicable
AWS AppSync Applicable
Amazon Athena Applicable
Amazon Aurora Not applicable
Amazon EC2 Auto Scaling Applicable
AWS Billing Applicable
Amazon Keyspaces Applicable
AWS Chatbot Applicable
Amazon CloudFront Not applicable
AWS CloudHSM Applicable
Amazon CloudSearch Applicable
AWS CodeBuild Applicable
Amazon Cognito Not applicable
Amazon Connect Applicable
AWS DataSync Applicable
Amazon DynamoDB Accelerator (DAX) Applicable
AWS Database Migration Service (AWS DMS) Applicable
Amazon DocumentDB Applicable
AWS Direct Connect Applicable
Amazon DynamoDB Not applicable
Amazon EBS Not applicable
Amazon EC2 Spot Fleet Not applicable
Amazon EC2 API Applicable
Amazon Elastic Container Service (ECS) Not applicable
Amazon ECS Container Insights Applicable
Amazon Elastic File System (EFS) Not applicable
Amazon Elastic Kubernetes Service (EKS) Applicable
Amazon ElastiCache (EC) Not applicable
AWS Elastic Beanstalk Applicable
Amazon Elastic Inference Applicable
Amazon Elastic Transcoder Applicable
Amazon Elastic Map Reduce (EMR) Not applicable
Amazon Elasticsearch Service (ES) Not applicable
Amazon EventBridge Applicable
Amazon FSx Applicable
Amazon GameLift Applicable
AWS Glue Not applicable
Amazon Inspector Applicable
AWS Internet of Things (IoT) Not applicable
AWS IoT Things Graph Applicable
AWS IoT Analytics Applicable
Amazon Managed Streaming for Kafka Applicable
Amazon Kinesis Data Analytics Not applicable
Amazon Data Firehose Not applicable
Amazon Kinesis Data Streams Not applicable
Amazon Kinesis Video Streams Not applicable
AWS Lambda Not applicable
Amazon Lex Applicable
Amazon CloudWatch Logs Applicable
AWS Elemental MediaTailor Applicable
AWS Elemental MediaConnect Applicable
AWS Elemental MediaConvert Applicable
AWS Elemental MediaPackage Live Applicable
AWS Elemental MediaPackage Video on Demand Applicable
Amazon MQ Applicable
Amazon VPC NAT Gateways Not applicable
Amazon Neptune Applicable
AWS OpsWorks Applicable
Amazon Polly Applicable
Amazon QLDB Applicable
Amazon RDS Not applicable
Amazon Redshift Not applicable
Amazon Rekognition Applicable
AWS RoboMaker Applicable
Amazon Route 53 Applicable
Amazon Route 53 Resolver Applicable
Amazon S3 Not applicable
Amazon SageMaker Batch Transform Jobs Not applicable
Amazon SageMaker Endpoints Not applicable
Amazon SageMaker Endpoint Instances Not applicable
Amazon SageMaker Ground Truth Not applicable
Amazon SageMaker Processing Jobs Not applicable
Amazon SageMaker Training Jobs Not applicable
AWS Service Catalog Applicable
Amazon Simple Email Service (SES) Not applicable
Amazon Simple Notification Service (SNS) Not applicable
Amazon Simple Queue Service (SQS) Not applicable
AWS Systems Manager - Run Command Applicable
AWS Step Functions Applicable
AWS Storage Gateway Applicable
Amazon SWF Applicable
Amazon Textract Applicable
AWS Transfer Family Applicable
AWS Transit Gateway Applicable
Amazon Translate Applicable
AWS Trusted Advisor Applicable
AWS API Usage Applicable
AWS Site-to-Site VPN Applicable
AWS WAF Classic Applicable
AWS WAF Applicable
Amazon WorkMail Applicable
Amazon WorkSpaces Applicable

Opsdash

Available metrics

StackId is the main dimension.

Name Description Unit Statistics Dimensions Recommended
cpu_idle The percentage of time that the CPU is idle Percent Multi StackId Applicable
cpu_idle Percent Multi Region, InstanceId Applicable
cpu_idle Percent Multi Region, LayerId Applicable
cpu_nice The percentage of time that the CPU is handling processes with a positive nice value, which have a lower scheduling priority Percent Multi StackId Applicable
cpu_nice Percent Multi Region, InstanceId
cpu_nice Percent Multi Region, LayerId
cpu_steal The percentage of time that an instance is waiting for the hypervisor to allocate physical CPU resources Percent Multi StackId Applicable
cpu_steal Percent Multi Region, InstanceId Applicable
cpu_steal Percent Multi Region, LayerId Applicable
cpu_system The percentage of time that the CPU is handling system operations Percent Multi StackId Applicable
cpu_system Percent Multi Region, InstanceId
cpu_system Percent Multi Region, LayerId
cpu_user The percentage of time that the CPU is handling user operations Percent Multi StackId Applicable
cpu_user Percent Multi Region, InstanceId Applicable
cpu_user Percent Multi Region, LayerId Applicable
cpu_waitio The percentage of time that the CPU is waiting for input/output operations Percent Multi StackId Applicable
cpu_waitio Percent Multi Region, InstanceId
cpu_waitio Percent Multi Region, LayerId
load_1 The load averaged over a one-minute window None Multi StackId
load_1 None Multi Region, InstanceId
load_1 None Multi Region, LayerId
load_5 The load averaged over a five-minute window None Multi StackId Applicable
load_5 None Multi Region, InstanceId Applicable
load_5 None Multi Region, LayerId Applicable
load_15 The load averaged over a 15-minute window None Multi StackId
load_15 None Multi Region, InstanceId
load_15 None Multi Region, LayerId
memory_buffers The amount of buffered memory None Multi StackId Applicable
memory_buffers None Multi Region, InstanceId
memory_buffers None Multi Region, LayerId
memory_cached The amount of cached memory None Multi StackId Applicable
memory_cached None Multi Region, InstanceId
memory_cached None Multi Region, LayerId
memory_free The amount of free memory None Multi StackId Applicable
memory_free None Multi Region, InstanceId Applicable
memory_free None Multi Region, LayerId Applicable
memory_swap The amount of swap space None Multi StackId Applicable
memory_swap None Multi Region, InstanceId
memory_swap None Multi Region, LayerId
memory_total The total amount of memory None Multi StackId Applicable
memory_total None Multi Region, InstanceId Applicable
memory_total None Multi Region, LayerId Applicable
memory_used The amount of memory in use None Multi StackId Applicable
memory_used None Multi Region, InstanceId Applicable
memory_used None Multi Region, LayerId Applicable
procs The number of active processes None Multi StackId Applicable
procs None Multi Region, InstanceId Applicable
procs None Multi Region, LayerId Applicable

Source: aws-service-polly.md


title: Amazon Polly monitoring source: https://www.dynatrace.com/docs/ingest-from/amazon-web-services/integrate-with-aws/aws-all-services/aws-service-polly scraped: 2026-02-17T05:04:41.380587


Amazon Polly monitoring

Amazon Polly monitoring

  • How-to guide
  • 2-min read
  • Published Jul 21, 2020

Dynatrace ingests metrics for multiple preselected namespaces, including Amazon Polly. You can view graphs per service instance, with a set of dimensions, and create custom graphs that you can pin to your dashboards.

Prerequisites

To enable monitoring for this service, you need

  • ActiveGate version 1.197+

  • For Dynatrace SaaS deployments, you need an Environment ActiveGate or a Multi-environment ActiveGate.

For role-based access in SaaS deployment, you need an Environment ActiveGate installed on an Amazon EC2 host.

JSON predefined policy for all supporting services

{



"Version": "2012-10-17",



"Statement": [



{



"Sid": "VisualEditor0",



"Effect": "Allow",



"Action": [



"acm-pca:ListCertificateAuthorities",



"apigateway:GET",



"apprunner:ListServices",



"appstream:DescribeFleets",



"appsync:ListGraphqlApis",



"athena:ListWorkGroups",



"autoscaling:DescribeAutoScalingGroups",



"cloudformation:ListStackResources",



"cloudfront:ListDistributions",



"cloudhsm:DescribeClusters",



"cloudsearch:DescribeDomains",



"cloudwatch:GetMetricData",



"cloudwatch:GetMetricStatistics",



"cloudwatch:ListMetrics",



"codebuild:ListProjects",



"datasync:ListTasks",



"dax:DescribeClusters",



"directconnect:DescribeConnections",



"dms:DescribeReplicationInstances",



"dynamodb:ListTables",



"dynamodb:ListTagsOfResource",



"ec2:DescribeAvailabilityZones",



"ec2:DescribeInstances",



"ec2:DescribeNatGateways",



"ec2:DescribeSpotFleetRequests",



"ec2:DescribeTransitGateways",



"ec2:DescribeVolumes",



"ec2:DescribeVpnConnections",



"ecs:ListClusters",



"eks:ListClusters",



"elasticache:DescribeCacheClusters",



"elasticbeanstalk:DescribeEnvironmentResources",



"elasticbeanstalk:DescribeEnvironments",



"elasticfilesystem:DescribeFileSystems",



"elasticloadbalancing:DescribeInstanceHealth",



"elasticloadbalancing:DescribeListeners",



"elasticloadbalancing:DescribeLoadBalancers",



"elasticloadbalancing:DescribeRules",



"elasticloadbalancing:DescribeTags",



"elasticloadbalancing:DescribeTargetHealth",



"elasticmapreduce:ListClusters",



"elastictranscoder:ListPipelines",



"es:ListDomainNames",



"events:ListEventBuses",



"firehose:ListDeliveryStreams",



"fsx:DescribeFileSystems",



"gamelift:ListFleets",



"glue:GetJobs",



"inspector:ListAssessmentTemplates",



"kafka:ListClusters",



"kinesis:ListStreams",



"kinesisanalytics:ListApplications",



"kinesisvideo:ListStreams",



"lambda:ListFunctions",



"lambda:ListTags",



"lex:GetBots",



"logs:DescribeLogGroups",



"mediaconnect:ListFlows",



"mediaconvert:DescribeEndpoints",



"mediapackage-vod:ListPackagingConfigurations",



"mediapackage:ListChannels",



"mediatailor:ListPlaybackConfigurations",



"opsworks:DescribeStacks",



"qldb:ListLedgers",



"rds:DescribeDBClusters",



"rds:DescribeDBInstances",



"rds:DescribeEvents",



"rds:ListTagsForResource",



"redshift:DescribeClusters",



"robomaker:ListSimulationJobs",



"route53:ListHostedZones",



"route53resolver:ListResolverEndpoints",



"s3:ListAllMyBuckets",



"sagemaker:ListEndpoints",



"sns:ListTopics",



"sqs:ListQueues",



"storagegateway:ListGateways",



"sts:GetCallerIdentity",



"swf:ListDomains",



"tag:GetResources",



"tag:GetTagKeys",



"transfer:ListServers",



"workmail:ListOrganizations",



"workspaces:DescribeWorkspaces"



],



"Resource": "*"



}



]



}

If you don't want to add permissions to all services, and just select permissions for certain services, consult the table below. The table contains a set of permissions that are required for All AWS cloud services and, for each supporting service, a list of optional permissions specific to that service.

Permissions required for AWS monitoring integration:

  • "cloudwatch:GetMetricData"
  • "cloudwatch:GetMetricStatistics"
  • "cloudwatch:ListMetrics"
  • "sts:GetCallerIdentity"
  • "tag:GetResources"
  • "tag:GetTagKeys"
  • "ec2:DescribeAvailabilityZones"

Complete list of permissions for cloud services

Name Permissions
All monitored Amazon services Required cloudwatch:GetMetricData, cloudwatch:GetMetricStatistics, cloudwatch:ListMetrics, sts:GetCallerIdentity, tag:GetResources, tag:GetTagKeys, ec2:DescribeAvailabilityZones
AWS Certificate Manager Private Certificate Authority acm-pca:ListCertificateAuthorities
Amazon MQ
Amazon API Gateway apigateway:GET
AWS App Runner apprunner:ListServices
Amazon AppStream appstream:DescribeFleets
AWS AppSync appsync:ListGraphqlApis
Amazon Athena athena:ListWorkGroups
Amazon Aurora rds:DescribeDBClusters
Amazon EC2 Auto Scaling autoscaling:DescribeAutoScalingGroups
Amazon EC2 Auto Scaling (built-in) autoscaling:DescribeAutoScalingGroups
AWS Billing
Amazon Keyspaces
AWS Chatbot
Amazon CloudFront cloudfront:ListDistributions
AWS CloudHSM cloudhsm:DescribeClusters
Amazon CloudSearch cloudsearch:DescribeDomains
AWS CodeBuild codebuild:ListProjects
Amazon Cognito
Amazon Connect
Amazon Elastic Kubernetes Service (EKS) eks:ListClusters
AWS DataSync datasync:ListTasks
Amazon DynamoDB Accelerator (DAX) dax:DescribeClusters
AWS Database Migration Service (AWS DMS) dms:DescribeReplicationInstances
Amazon DocumentDB rds:DescribeDBClusters
AWS Direct Connect directconnect:DescribeConnections
Amazon DynamoDB dynamodb:ListTables
Amazon DynamoDB (built-in) dynamodb:ListTables, dynamodb:ListTagsOfResource
Amazon EBS ec2:DescribeVolumes
Amazon EBS (built-in) ec2:DescribeVolumes
Amazon EC2 API
Amazon EC2 (built-in) ec2:DescribeInstances
Amazon EC2 Spot Fleet ec2:DescribeSpotFleetRequests
Amazon Elastic Container Service (ECS) ecs:ListClusters
Amazon ECS Container Insights ecs:ListClusters
Amazon ElastiCache (EC) elasticache:DescribeCacheClusters
AWS Elastic Beanstalk elasticbeanstalk:DescribeEnvironments
Amazon Elastic File System (EFS) elasticfilesystem:DescribeFileSystems
Amazon Elastic Inference
Amazon Elastic Map Reduce (EMR) elasticmapreduce:ListClusters
Amazon Elasticsearch Service (ES) es:ListDomainNames
Amazon Elastic Transcoder elastictranscoder:ListPipelines
Amazon Elastic Load Balancer (ELB) (built-in) elasticloadbalancing:DescribeInstanceHealth, elasticloadbalancing:DescribeListeners, elasticloadbalancing:DescribeLoadBalancers, elasticloadbalancing:DescribeRules, elasticloadbalancing:DescribeTags, elasticloadbalancing:DescribeTargetHealth
Amazon EventBridge events:ListEventBuses
Amazon FSx fsx:DescribeFileSystems
Amazon GameLift gamelift:ListFleets
AWS Glue glue:GetJobs
Amazon Inspector inspector:ListAssessmentTemplates
AWS Internet of Things (IoT)
AWS IoT Analytics
Amazon Managed Streaming for Kafka kafka:ListClusters
Amazon Kinesis Data Analytics kinesisanalytics:ListApplications
Amazon Data Firehose firehose:ListDeliveryStreams
Amazon Kinesis Data Streams kinesis:ListStreams
Amazon Kinesis Video Streams kinesisvideo:ListStreams
AWS Lambda lambda:ListFunctions
AWS Lambda (built-in) lambda:ListFunctions, lambda:ListTags
Amazon Lex lex:GetBots
Amazon Application and Network Load Balancer (built-in) elasticloadbalancing:DescribeInstanceHealth, elasticloadbalancing:DescribeListeners, elasticloadbalancing:DescribeLoadBalancers, elasticloadbalancing:DescribeRules, elasticloadbalancing:DescribeTags, elasticloadbalancing:DescribeTargetHealth
Amazon CloudWatch Logs logs:DescribeLogGroups
AWS Elemental MediaConnect mediaconnect:ListFlows
AWS Elemental MediaConvert mediaconvert:DescribeEndpoints
AWS Elemental MediaPackage Live mediapackage:ListChannels
AWS Elemental MediaPackage Video on Demand mediapackage-vod:ListPackagingConfigurations
AWS Elemental MediaTailor mediatailor:ListPlaybackConfigurations
Amazon VPC NAT Gateways ec2:DescribeNatGateways
Amazon Neptune rds:DescribeDBClusters
AWS OpsWorks opsworks:DescribeStacks
Amazon Polly
Amazon QLDB qldb:ListLedgers
Amazon RDS rds:DescribeDBInstances
Amazon RDS (built-in) rds:DescribeDBInstances, rds:DescribeEvents, rds:ListTagsForResource
Amazon Redshift redshift:DescribeClusters
Amazon Rekognition
AWS RoboMaker robomaker:ListSimulationJobs
Amazon Route 53 route53:ListHostedZones
Amazon Route 53 Resolver route53resolver:ListResolverEndpoints
Amazon S3 s3:ListAllMyBuckets
Amazon S3 (built-in) s3:ListAllMyBuckets
Amazon SageMaker Batch Transform Jobs
Amazon SageMaker Endpoint Instances sagemaker:ListEndpoints
Amazon SageMaker Endpoints sagemaker:ListEndpoints
Amazon SageMaker Ground Truth
Amazon SageMaker Processing Jobs
Amazon SageMaker Training Jobs
AWS Service Catalog
Amazon Simple Email Service (SES)
Amazon Simple Notification Service (SNS) sns:ListTopics
Amazon Simple Queue Service (SQS) sqs:ListQueues
AWS Systems Manager - Run Command
AWS Step Functions
AWS Storage Gateway storagegateway:ListGateways
Amazon SWF swf:ListDomains
Amazon Textract
AWS IoT Things Graph
AWS Transfer Family transfer:ListServers
AWS Transit Gateway ec2:DescribeTransitGateways
Amazon Translate
AWS Trusted Advisor
AWS API Usage
AWS Site-to-Site VPN ec2:DescribeVpnConnections
AWS WAF Classic
AWS WAF
Amazon WorkMail workmail:ListOrganizations
Amazon WorkSpaces workspaces:DescribeWorkspaces

Example of JSON policy for one single service.

JSON policy for Amazon API Gateway

{



"Version": "2012-10-17",



"Statement": [



{



"Sid": "VisualEditor0",



"Effect": "Allow",



"Action": [



"apigateway:GET",



"cloudwatch:GetMetricData",



"cloudwatch:GetMetricStatistics",



"cloudwatch:ListMetrics",



"sts:GetCallerIdentity",



"tag:GetResources",



"tag:GetTagKeys",



"ec2:DescribeAvailabilityZones"



],



"Resource": "*"



}



]



}

In this example, from the complete list of permissions you need to select

  • "apigateway:GET" for Amazon API Gateway
  • "cloudwatch:GetMetricData", "cloudwatch:GetMetricStatistics", "cloudwatch:ListMetrics", "sts:GetCallerIdentity", "tag:GetResources", "tag:GetTagKeys", and "ec2:DescribeAvailabilityZones" for All AWS cloud services.

View service metrics

You can view the service metrics in your Dynatrace environment either on the custom device overview page or on your Dashboards page.

View metrics on the custom device overview page

To access the custom device overview page

  1. Go to Technologies Technologies & Processes Classic.
  2. Filter by service name and select the relevant custom device group.
  3. Once you select the custom device group, you're on the custom device group overview page.
  4. The custom device group overview page lists all instances (custom devices) belonging to the group. Select an instance to view the custom device overview page.

View service metrics

You can view the service metrics in your Dynatrace environment either on the custom device overview page or on your Dashboards page.

View metrics on the custom device overview page

To access the custom device overview page

  1. Go to Technologies Technologies & Processes Classic.
  2. Filter by service name and select the relevant custom device group.
  3. Once you select the custom device group, you're on the custom device group overview page.
  4. The custom device group overview page lists all instances (custom devices) belonging to the group. Select an instance to view the custom device overview page.

For Amazon Polly, there are no instances (custom devices) on the custom device group overview page, the service itself being just an API that you can call. The service metrics are under the Further details section of the custom device group overview page, split By Operation and Region.

View metrics on your dashboard

After you add the service to monitoring, a preset dashboard containing all recommended metrics is automatically listed on your Dashboards page. To look for specific dashboards, filter by Preset and then by Name.

AWS presets

For existing monitored services, you might need to resave your credentials for the preset dashboard to appear on the Dashboards page. To resave your credentials, go to Settings > Cloud and virtualization > AWS, select the desired AWS instance, and then select Save.

You can't make changes on a preset dashboard directly, but you can clone and edit it. To clone a dashboard, open the browse menu (…) and select Clone.

To remove a dashboard from the dashboards page, you can hide it. To hide a dashboard, open the browse menu (…) and select Hide.

Hiding a dashboard doesn't affect other users.

Clone hide AWS

To check the availability of preset dashboards for each AWS service, see the list below.

Preset dashboard availability list

AWS service Preset dashboard
Amazon EC2 Auto Scaling (built-in) Not applicable
AWS Lambda (built-in) Not applicable
Amazon Application and Network Load Balancer (built-in) Not applicable
Amazon DynamoDB (built-in) Not applicable
Amazon EBS (built-in) Not applicable
Amazon EC2 (built-in) Not applicable
Amazon Elastic Load Balancer (ELB) (built-in) Not applicable
Amazon RDS (built-in) Not applicable
Amazon S3 (built-in) Not applicable
AWS Certificate Manager Private Certificate Authority Not applicable
All monitored Amazon services Not applicable
Amazon API Gateway Not applicable
AWS App Runner Not applicable
Amazon AppStream Applicable
AWS AppSync Applicable
Amazon Athena Applicable
Amazon Aurora Not applicable
Amazon EC2 Auto Scaling Applicable
AWS Billing Applicable
Amazon Keyspaces Applicable
AWS Chatbot Applicable
Amazon CloudFront Not applicable
AWS CloudHSM Applicable
Amazon CloudSearch Applicable
AWS CodeBuild Applicable
Amazon Cognito Not applicable
Amazon Connect Applicable
AWS DataSync Applicable
Amazon DynamoDB Accelerator (DAX) Applicable
AWS Database Migration Service (AWS DMS) Applicable
Amazon DocumentDB Applicable
AWS Direct Connect Applicable
Amazon DynamoDB Not applicable
Amazon EBS Not applicable
Amazon EC2 Spot Fleet Not applicable
Amazon EC2 API Applicable
Amazon Elastic Container Service (ECS) Not applicable
Amazon ECS Container Insights Applicable
Amazon Elastic File System (EFS) Not applicable
Amazon Elastic Kubernetes Service (EKS) Applicable
Amazon ElastiCache (EC) Not applicable
AWS Elastic Beanstalk Applicable
Amazon Elastic Inference Applicable
Amazon Elastic Transcoder Applicable
Amazon Elastic Map Reduce (EMR) Not applicable
Amazon Elasticsearch Service (ES) Not applicable
Amazon EventBridge Applicable
Amazon FSx Applicable
Amazon GameLift Applicable
AWS Glue Not applicable
Amazon Inspector Applicable
AWS Internet of Things (IoT) Not applicable
AWS IoT Things Graph Applicable
AWS IoT Analytics Applicable
Amazon Managed Streaming for Kafka Applicable
Amazon Kinesis Data Analytics Not applicable
Amazon Data Firehose Not applicable
Amazon Kinesis Data Streams Not applicable
Amazon Kinesis Video Streams Not applicable
AWS Lambda Not applicable
Amazon Lex Applicable
Amazon CloudWatch Logs Applicable
AWS Elemental MediaTailor Applicable
AWS Elemental MediaConnect Applicable
AWS Elemental MediaConvert Applicable
AWS Elemental MediaPackage Live Applicable
AWS Elemental MediaPackage Video on Demand Applicable
Amazon MQ Applicable
Amazon VPC NAT Gateways Not applicable
Amazon Neptune Applicable
AWS OpsWorks Applicable
Amazon Polly Applicable
Amazon QLDB Applicable
Amazon RDS Not applicable
Amazon Redshift Not applicable
Amazon Rekognition Applicable
AWS RoboMaker Applicable
Amazon Route 53 Applicable
Amazon Route 53 Resolver Applicable
Amazon S3 Not applicable
Amazon SageMaker Batch Transform Jobs Not applicable
Amazon SageMaker Endpoints Not applicable
Amazon SageMaker Endpoint Instances Not applicable
Amazon SageMaker Ground Truth Not applicable
Amazon SageMaker Processing Jobs Not applicable
Amazon SageMaker Training Jobs Not applicable
AWS Service Catalog Applicable
Amazon Simple Email Service (SES) Not applicable
Amazon Simple Notification Service (SNS) Not applicable
Amazon Simple Queue Service (SQS) Not applicable
AWS Systems Manager - Run Command Applicable
AWS Step Functions Applicable
AWS Storage Gateway Applicable
Amazon SWF Applicable
Amazon Textract Applicable
AWS Transfer Family Applicable
AWS Transit Gateway Applicable
Amazon Translate Applicable
AWS Trusted Advisor Applicable
AWS API Usage Applicable
AWS Site-to-Site VPN Applicable
AWS WAF Classic Applicable
AWS WAF Applicable
Amazon WorkMail Applicable
Amazon WorkSpaces Applicable

Polly dash

Available metrics

Name Description Unit Statistics Dimensions Recommended
4XXCount HTTP 400 level error code returned upon an error Count Average Region, Operation Applicable
4XXCount Count Sum Region, Operation Applicable
4XXCount Count Count Region, Operation
2XXCount HTTP 200 level code returned upon a successful response Count Average Region, Operation Applicable
2XXCount Count Sum Region, Operation Applicable
2XXCount Count Count Region, Operation
5XXCount HTTP 500 level error code returned upon an error Count Average Region, Operation Applicable
5XXCount Count Sum Region, Operation Applicable
5XXCount Count Count Region, Operation
RequestCharacters The number of characters in the request Count Multi Region, Operation Applicable
RequestCharacters Count Sum Region, Operation Applicable
RequestCharacters Count Count Region, Operation
ResponseLatency The latency between the time when the request was made and the start of the streaming response Milliseconds Multi Region, Operation Applicable
ResponseLatency Count Count Region, Operation Applicable

Source: aws-service-quantum-ledger-database-qldb.md


title: Amazon QLDB (Quantum Ledger Database) monitoring source: https://www.dynatrace.com/docs/ingest-from/amazon-web-services/integrate-with-aws/aws-all-services/aws-service-quantum-ledger-database-qldb scraped: 2026-02-17T05:11:08.553130


Amazon QLDB (Quantum Ledger Database) monitoring

Amazon QLDB (Quantum Ledger Database) monitoring

  • How-to guide
  • 3-min read
  • Published Jul 21, 2020

Dynatrace ingests metrics for multiple preselected namespaces, including Amazon QLDB. You can view graphs per service instance, with a set of dimensions, and create custom graphs that you can pin to your dashboards.

Prerequisites

To enable monitoring for this service, you need

  • ActiveGate version 1.197+

  • For Dynatrace SaaS deployments, you need an Environment ActiveGate or a Multi-environment ActiveGate.

For role-based access in SaaS deployment, you need an Environment ActiveGate installed on an Amazon EC2 host.

JSON predefined policy for all supporting services

{



"Version": "2012-10-17",



"Statement": [



{



"Sid": "VisualEditor0",



"Effect": "Allow",



"Action": [



"acm-pca:ListCertificateAuthorities",



"apigateway:GET",



"apprunner:ListServices",



"appstream:DescribeFleets",



"appsync:ListGraphqlApis",



"athena:ListWorkGroups",



"autoscaling:DescribeAutoScalingGroups",



"cloudformation:ListStackResources",



"cloudfront:ListDistributions",



"cloudhsm:DescribeClusters",



"cloudsearch:DescribeDomains",



"cloudwatch:GetMetricData",



"cloudwatch:GetMetricStatistics",



"cloudwatch:ListMetrics",



"codebuild:ListProjects",



"datasync:ListTasks",



"dax:DescribeClusters",



"directconnect:DescribeConnections",



"dms:DescribeReplicationInstances",



"dynamodb:ListTables",



"dynamodb:ListTagsOfResource",



"ec2:DescribeAvailabilityZones",



"ec2:DescribeInstances",



"ec2:DescribeNatGateways",



"ec2:DescribeSpotFleetRequests",



"ec2:DescribeTransitGateways",



"ec2:DescribeVolumes",



"ec2:DescribeVpnConnections",



"ecs:ListClusters",



"eks:ListClusters",



"elasticache:DescribeCacheClusters",



"elasticbeanstalk:DescribeEnvironmentResources",



"elasticbeanstalk:DescribeEnvironments",



"elasticfilesystem:DescribeFileSystems",



"elasticloadbalancing:DescribeInstanceHealth",



"elasticloadbalancing:DescribeListeners",



"elasticloadbalancing:DescribeLoadBalancers",



"elasticloadbalancing:DescribeRules",



"elasticloadbalancing:DescribeTags",



"elasticloadbalancing:DescribeTargetHealth",



"elasticmapreduce:ListClusters",



"elastictranscoder:ListPipelines",



"es:ListDomainNames",



"events:ListEventBuses",



"firehose:ListDeliveryStreams",



"fsx:DescribeFileSystems",



"gamelift:ListFleets",



"glue:GetJobs",



"inspector:ListAssessmentTemplates",



"kafka:ListClusters",



"kinesis:ListStreams",



"kinesisanalytics:ListApplications",



"kinesisvideo:ListStreams",



"lambda:ListFunctions",



"lambda:ListTags",



"lex:GetBots",



"logs:DescribeLogGroups",



"mediaconnect:ListFlows",



"mediaconvert:DescribeEndpoints",



"mediapackage-vod:ListPackagingConfigurations",



"mediapackage:ListChannels",



"mediatailor:ListPlaybackConfigurations",



"opsworks:DescribeStacks",



"qldb:ListLedgers",



"rds:DescribeDBClusters",



"rds:DescribeDBInstances",



"rds:DescribeEvents",



"rds:ListTagsForResource",



"redshift:DescribeClusters",



"robomaker:ListSimulationJobs",



"route53:ListHostedZones",



"route53resolver:ListResolverEndpoints",



"s3:ListAllMyBuckets",



"sagemaker:ListEndpoints",



"sns:ListTopics",



"sqs:ListQueues",



"storagegateway:ListGateways",



"sts:GetCallerIdentity",



"swf:ListDomains",



"tag:GetResources",



"tag:GetTagKeys",



"transfer:ListServers",



"workmail:ListOrganizations",



"workspaces:DescribeWorkspaces"



],



"Resource": "*"



}



]



}

If you don't want to add permissions to all services, and just select permissions for certain services, consult the table below. The table contains a set of permissions that are required for All AWS cloud services and, for each supporting service, a list of optional permissions specific to that service.

Permissions required for AWS monitoring integration:

  • "cloudwatch:GetMetricData"
  • "cloudwatch:GetMetricStatistics"
  • "cloudwatch:ListMetrics"
  • "sts:GetCallerIdentity"
  • "tag:GetResources"
  • "tag:GetTagKeys"
  • "ec2:DescribeAvailabilityZones"

Complete list of permissions for cloud services

Name Permissions
All monitored Amazon services Required cloudwatch:GetMetricData, cloudwatch:GetMetricStatistics, cloudwatch:ListMetrics, sts:GetCallerIdentity, tag:GetResources, tag:GetTagKeys, ec2:DescribeAvailabilityZones
AWS Certificate Manager Private Certificate Authority acm-pca:ListCertificateAuthorities
Amazon MQ
Amazon API Gateway apigateway:GET
AWS App Runner apprunner:ListServices
Amazon AppStream appstream:DescribeFleets
AWS AppSync appsync:ListGraphqlApis
Amazon Athena athena:ListWorkGroups
Amazon Aurora rds:DescribeDBClusters
Amazon EC2 Auto Scaling autoscaling:DescribeAutoScalingGroups
Amazon EC2 Auto Scaling (built-in) autoscaling:DescribeAutoScalingGroups
AWS Billing
Amazon Keyspaces
AWS Chatbot
Amazon CloudFront cloudfront:ListDistributions
AWS CloudHSM cloudhsm:DescribeClusters
Amazon CloudSearch cloudsearch:DescribeDomains
AWS CodeBuild codebuild:ListProjects
Amazon Cognito
Amazon Connect
Amazon Elastic Kubernetes Service (EKS) eks:ListClusters
AWS DataSync datasync:ListTasks
Amazon DynamoDB Accelerator (DAX) dax:DescribeClusters
AWS Database Migration Service (AWS DMS) dms:DescribeReplicationInstances
Amazon DocumentDB rds:DescribeDBClusters
AWS Direct Connect directconnect:DescribeConnections
Amazon DynamoDB dynamodb:ListTables
Amazon DynamoDB (built-in) dynamodb:ListTables, dynamodb:ListTagsOfResource
Amazon EBS ec2:DescribeVolumes
Amazon EBS (built-in) ec2:DescribeVolumes
Amazon EC2 API
Amazon EC2 (built-in) ec2:DescribeInstances
Amazon EC2 Spot Fleet ec2:DescribeSpotFleetRequests
Amazon Elastic Container Service (ECS) ecs:ListClusters
Amazon ECS Container Insights ecs:ListClusters
Amazon ElastiCache (EC) elasticache:DescribeCacheClusters
AWS Elastic Beanstalk elasticbeanstalk:DescribeEnvironments
Amazon Elastic File System (EFS) elasticfilesystem:DescribeFileSystems
Amazon Elastic Inference
Amazon Elastic Map Reduce (EMR) elasticmapreduce:ListClusters
Amazon Elasticsearch Service (ES) es:ListDomainNames
Amazon Elastic Transcoder elastictranscoder:ListPipelines
Amazon Elastic Load Balancer (ELB) (built-in) elasticloadbalancing:DescribeInstanceHealth, elasticloadbalancing:DescribeListeners, elasticloadbalancing:DescribeLoadBalancers, elasticloadbalancing:DescribeRules, elasticloadbalancing:DescribeTags, elasticloadbalancing:DescribeTargetHealth
Amazon EventBridge events:ListEventBuses
Amazon FSx fsx:DescribeFileSystems
Amazon GameLift gamelift:ListFleets
AWS Glue glue:GetJobs
Amazon Inspector inspector:ListAssessmentTemplates
AWS Internet of Things (IoT)
AWS IoT Analytics
Amazon Managed Streaming for Kafka kafka:ListClusters
Amazon Kinesis Data Analytics kinesisanalytics:ListApplications
Amazon Data Firehose firehose:ListDeliveryStreams
Amazon Kinesis Data Streams kinesis:ListStreams
Amazon Kinesis Video Streams kinesisvideo:ListStreams
AWS Lambda lambda:ListFunctions
AWS Lambda (built-in) lambda:ListFunctions, lambda:ListTags
Amazon Lex lex:GetBots
Amazon Application and Network Load Balancer (built-in) elasticloadbalancing:DescribeInstanceHealth, elasticloadbalancing:DescribeListeners, elasticloadbalancing:DescribeLoadBalancers, elasticloadbalancing:DescribeRules, elasticloadbalancing:DescribeTags, elasticloadbalancing:DescribeTargetHealth
Amazon CloudWatch Logs logs:DescribeLogGroups
AWS Elemental MediaConnect mediaconnect:ListFlows
AWS Elemental MediaConvert mediaconvert:DescribeEndpoints
AWS Elemental MediaPackage Live mediapackage:ListChannels
AWS Elemental MediaPackage Video on Demand mediapackage-vod:ListPackagingConfigurations
AWS Elemental MediaTailor mediatailor:ListPlaybackConfigurations
Amazon VPC NAT Gateways ec2:DescribeNatGateways
Amazon Neptune rds:DescribeDBClusters
AWS OpsWorks opsworks:DescribeStacks
Amazon Polly
Amazon QLDB qldb:ListLedgers
Amazon RDS rds:DescribeDBInstances
Amazon RDS (built-in) rds:DescribeDBInstances, rds:DescribeEvents, rds:ListTagsForResource
Amazon Redshift redshift:DescribeClusters
Amazon Rekognition
AWS RoboMaker robomaker:ListSimulationJobs
Amazon Route 53 route53:ListHostedZones
Amazon Route 53 Resolver route53resolver:ListResolverEndpoints
Amazon S3 s3:ListAllMyBuckets
Amazon S3 (built-in) s3:ListAllMyBuckets
Amazon SageMaker Batch Transform Jobs
Amazon SageMaker Endpoint Instances sagemaker:ListEndpoints
Amazon SageMaker Endpoints sagemaker:ListEndpoints
Amazon SageMaker Ground Truth
Amazon SageMaker Processing Jobs
Amazon SageMaker Training Jobs
AWS Service Catalog
Amazon Simple Email Service (SES)
Amazon Simple Notification Service (SNS) sns:ListTopics
Amazon Simple Queue Service (SQS) sqs:ListQueues
AWS Systems Manager - Run Command
AWS Step Functions
AWS Storage Gateway storagegateway:ListGateways
Amazon SWF swf:ListDomains
Amazon Textract
AWS IoT Things Graph
AWS Transfer Family transfer:ListServers
AWS Transit Gateway ec2:DescribeTransitGateways
Amazon Translate
AWS Trusted Advisor
AWS API Usage
AWS Site-to-Site VPN ec2:DescribeVpnConnections
AWS WAF Classic
AWS WAF
Amazon WorkMail workmail:ListOrganizations
Amazon WorkSpaces workspaces:DescribeWorkspaces

Example of JSON policy for one single service.

JSON policy for Amazon API Gateway

{



"Version": "2012-10-17",



"Statement": [



{



"Sid": "VisualEditor0",



"Effect": "Allow",



"Action": [



"apigateway:GET",



"cloudwatch:GetMetricData",



"cloudwatch:GetMetricStatistics",



"cloudwatch:ListMetrics",



"sts:GetCallerIdentity",



"tag:GetResources",



"tag:GetTagKeys",



"ec2:DescribeAvailabilityZones"



],



"Resource": "*"



}



]



}

In this example, from the complete list of permissions you need to select

  • "apigateway:GET" for Amazon API Gateway
  • "cloudwatch:GetMetricData", "cloudwatch:GetMetricStatistics", "cloudwatch:ListMetrics", "sts:GetCallerIdentity", "tag:GetResources", "tag:GetTagKeys", and "ec2:DescribeAvailabilityZones" for All AWS cloud services.

AWS endpoints that need to be reachable from ActiveGate with corresponding AWS services

Endpoint Service
autoscaling.<REGION>.amazonaws.com Amazon EC2 Auto Scaling (built-in), Amazon EC2 Auto Scaling
lambda.<REGION>.amazonaws.com AWS Lambda (built-in), AWS Lambda
elasticloadbalancing.<REGION>.amazonaws.com Amazon Application and Network Load Balancer (built-in), Amazon Elastic Load Balancer (ELB) (built-in)
dynamodb.<REGION>.amazonaws.com Amazon DynamoDB (built-in), Amazon DynamoDB
ec2.<REGION>.amazonaws.com Amazon EBS (built-in), Amazon EC2 (built-in), Amazon EBS, Amazon EC2 Spot Fleet, Amazon VPC NAT Gateways, AWS Transit Gateway, AWS Site-to-Site VPN
rds.<REGION>.amazonaws.com Amazon RDS (built-in), Amazon Aurora, Amazon DocumentDB, Amazon Neptune, Amazon RDS
s3.<REGION>.amazonaws.com Amazon S3 (built-in)
acm-pca.<REGION>.amazonaws.com AWS Certificate Manager Private Certificate Authority
apigateway.<REGION>.amazonaws.com Amazon API Gateway
apprunner.<REGION>.amazonaws.com AWS App Runner
appstream2.<REGION>.amazonaws.com Amazon AppStream
appsync.<REGION>.amazonaws.com AWS AppSync
athena.<REGION>.amazonaws.com Amazon Athena
cloudfront.amazonaws.com Amazon CloudFront
cloudhsmv2.<REGION>.amazonaws.com AWS CloudHSM
cloudsearch.<REGION>.amazonaws.com Amazon CloudSearch
codebuild.<REGION>.amazonaws.com AWS CodeBuild
datasync.<REGION>.amazonaws.com AWS DataSync
dax.<REGION>.amazonaws.com Amazon DynamoDB Accelerator (DAX)
dms.<REGION>.amazonaws.com AWS Database Migration Service (AWS DMS)
directconnect.<REGION>.amazonaws.com AWS Direct Connect
ecs.<REGION>.amazonaws.com Amazon Elastic Container Service (ECS), Amazon ECS Container Insights
elasticfilesystem.<REGION>.amazonaws.com Amazon Elastic File System (EFS)
eks.<REGION>.amazonaws.com Amazon Elastic Kubernetes Service (EKS)
elasticache.<REGION>.amazonaws.com Amazon ElastiCache (EC)
elasticbeanstalk.<REGION>.amazonaws.com AWS Elastic Beanstalk
elastictranscoder.<REGION>.amazonaws.com Amazon Elastic Transcoder
es.<REGION>.amazonaws.com Amazon Elasticsearch Service (ES)
events.<REGION>.amazonaws.com Amazon EventBridge
fsx.<REGION>.amazonaws.com Amazon FSx
gamelift.<REGION>.amazonaws.com Amazon GameLift
glue.<REGION>.amazonaws.com AWS Glue
inspector.<REGION>.amazonaws.com Amazon Inspector
kafka.<REGION>.amazonaws.com Amazon Managed Streaming for Kafka
models.lex.<REGION>.amazonaws.com Amazon Lex
logs.<REGION>.amazonaws.com Amazon CloudWatch Logs
api.mediatailor.<REGION>.amazonaws.com AWS Elemental MediaTailor
mediaconnect.<REGION>.amazonaws.com AWS Elemental MediaConnect
mediapackage.<REGION>.amazonaws.com AWS Elemental MediaPackage Live
mediapackage-vod.<REGION>.amazonaws.com AWS Elemental MediaPackage Video on Demand
opsworks.<REGION>.amazonaws.com AWS OpsWorks
qldb.<REGION>.amazonaws.com Amazon QLDB
redshift.<REGION>.amazonaws.com Amazon Redshift
robomaker.<REGION>.amazonaws.com AWS RoboMaker
route53.amazonaws.com Amazon Route 53
route53resolver.<REGION>.amazonaws.com Amazon Route 53 Resolver
api.sagemaker.<REGION>.amazonaws.com Amazon SageMaker Endpoints, Amazon SageMaker Endpoint Instances
sns.<REGION>.amazonaws.com Amazon Simple Notification Service (SNS)
sqs.<REGION>.amazonaws.com Amazon Simple Queue Service (SQS)
storagegateway.<REGION>.amazonaws.com AWS Storage Gateway
swf.<REGION>.amazonaws.com Amazon SWF
transfer.<REGION>.amazonaws.com AWS Transfer Family
workmail.<REGION>.amazonaws.com Amazon WorkMail
workspaces.<REGION>.amazonaws.com Amazon WorkSpaces

View service metrics

You can view the service metrics in your Dynatrace environment either on the custom device overview page or on your Dashboards page.

View metrics on the custom device overview page

To access the custom device overview page

  1. Go to Technologies Technologies & Processes Classic.
  2. Filter by service name and select the relevant custom device group.
  3. Once you select the custom device group, you're on the custom device group overview page.
  4. The custom device group overview page lists all instances (custom devices) belonging to the group. Select an instance to view the custom device overview page.

View service metrics

You can view the service metrics in your Dynatrace environment either on the custom device overview page or on your Dashboards page.

View metrics on the custom device overview page

To access the custom device overview page

  1. Go to Technologies Technologies & Processes Classic.
  2. Filter by service name and select the relevant custom device group.
  3. Once you select the custom device group, you're on the custom device group overview page.
  4. The custom device group overview page lists all instances (custom devices) belonging to the group. Select an instance to view the custom device overview page.

Amazon QLDB service shows on the custom device group page. The service is made up of instances (custom devices) called ledgers. You can view metrics for each custom device in the Further details section of the custom device overview page, split by Streams and Command types.

View metrics on your dashboard

After you add the service to monitoring, a preset dashboard containing all recommended metrics is automatically listed on your Dashboards page. To look for specific dashboards, filter by Preset and then by Name.

AWS presets

For existing monitored services, you might need to resave your credentials for the preset dashboard to appear on the Dashboards page. To resave your credentials, go to Settings > Cloud and virtualization > AWS, select the desired AWS instance, and then select Save.

You can't make changes on a preset dashboard directly, but you can clone and edit it. To clone a dashboard, open the browse menu (…) and select Clone.

To remove a dashboard from the dashboards page, you can hide it. To hide a dashboard, open the browse menu (…) and select Hide.

Hiding a dashboard doesn't affect other users.

Clone hide AWS

To check the availability of preset dashboards for each AWS service, see the list below.

Preset dashboard availability list

AWS service Preset dashboard
Amazon EC2 Auto Scaling (built-in) Not applicable
AWS Lambda (built-in) Not applicable
Amazon Application and Network Load Balancer (built-in) Not applicable
Amazon DynamoDB (built-in) Not applicable
Amazon EBS (built-in) Not applicable
Amazon EC2 (built-in) Not applicable
Amazon Elastic Load Balancer (ELB) (built-in) Not applicable
Amazon RDS (built-in) Not applicable
Amazon S3 (built-in) Not applicable
AWS Certificate Manager Private Certificate Authority Not applicable
All monitored Amazon services Not applicable
Amazon API Gateway Not applicable
AWS App Runner Not applicable
Amazon AppStream Applicable
AWS AppSync Applicable
Amazon Athena Applicable
Amazon Aurora Not applicable
Amazon EC2 Auto Scaling Applicable
AWS Billing Applicable
Amazon Keyspaces Applicable
AWS Chatbot Applicable
Amazon CloudFront Not applicable
AWS CloudHSM Applicable
Amazon CloudSearch Applicable
AWS CodeBuild Applicable
Amazon Cognito Not applicable
Amazon Connect Applicable
AWS DataSync Applicable
Amazon DynamoDB Accelerator (DAX) Applicable
AWS Database Migration Service (AWS DMS) Applicable
Amazon DocumentDB Applicable
AWS Direct Connect Applicable
Amazon DynamoDB Not applicable
Amazon EBS Not applicable
Amazon EC2 Spot Fleet Not applicable
Amazon EC2 API Applicable
Amazon Elastic Container Service (ECS) Not applicable
Amazon ECS Container Insights Applicable
Amazon Elastic File System (EFS) Not applicable
Amazon Elastic Kubernetes Service (EKS) Applicable
Amazon ElastiCache (EC) Not applicable
AWS Elastic Beanstalk Applicable
Amazon Elastic Inference Applicable
Amazon Elastic Transcoder Applicable
Amazon Elastic Map Reduce (EMR) Not applicable
Amazon Elasticsearch Service (ES) Not applicable
Amazon EventBridge Applicable
Amazon FSx Applicable
Amazon GameLift Applicable
AWS Glue Not applicable
Amazon Inspector Applicable
AWS Internet of Things (IoT) Not applicable
AWS IoT Things Graph Applicable
AWS IoT Analytics Applicable
Amazon Managed Streaming for Kafka Applicable
Amazon Kinesis Data Analytics Not applicable
Amazon Data Firehose Not applicable
Amazon Kinesis Data Streams Not applicable
Amazon Kinesis Video Streams Not applicable
AWS Lambda Not applicable
Amazon Lex Applicable
Amazon CloudWatch Logs Applicable
AWS Elemental MediaTailor Applicable
AWS Elemental MediaConnect Applicable
AWS Elemental MediaConvert Applicable
AWS Elemental MediaPackage Live Applicable
AWS Elemental MediaPackage Video on Demand Applicable
Amazon MQ Applicable
Amazon VPC NAT Gateways Not applicable
Amazon Neptune Applicable
AWS OpsWorks Applicable
Amazon Polly Applicable
Amazon QLDB Applicable
Amazon RDS Not applicable
Amazon Redshift Not applicable
Amazon Rekognition Applicable
AWS RoboMaker Applicable
Amazon Route 53 Applicable
Amazon Route 53 Resolver Applicable
Amazon S3 Not applicable
Amazon SageMaker Batch Transform Jobs Not applicable
Amazon SageMaker Endpoints Not applicable
Amazon SageMaker Endpoint Instances Not applicable
Amazon SageMaker Ground Truth Not applicable
Amazon SageMaker Processing Jobs Not applicable
Amazon SageMaker Training Jobs Not applicable
AWS Service Catalog Applicable
Amazon Simple Email Service (SES) Not applicable
Amazon Simple Notification Service (SNS) Not applicable
Amazon Simple Queue Service (SQS) Not applicable
AWS Systems Manager - Run Command Applicable
AWS Step Functions Applicable
AWS Storage Gateway Applicable
Amazon SWF Applicable
Amazon Textract Applicable
AWS Transfer Family Applicable
AWS Transit Gateway Applicable
Amazon Translate Applicable
AWS Trusted Advisor Applicable
AWS API Usage Applicable
AWS Site-to-Site VPN Applicable
AWS WAF Classic Applicable
AWS WAF Applicable
Amazon WorkMail Applicable
Amazon WorkSpaces Applicable

Qldb

Available metrics

About dimensions

  • LedgerName limits the data to a specific ledger. This value can be any ledger name in the current AWS Region and the current AWS account.
  • StreamId limits the data to a specific journal stream. This value can be any stream ID for a ledger in the current AWS Region and the current AWS account.
  • CommandType limits the data to one of the following QLDB data API commands: AbortTransaction, CommitTransaction, EndSession, ExecuteStatement, FetchPage, StartSession, StartTransaction.

LedgerName is the main dimension.

Name Description Unit Statistics Dimensions Recommended
CommandLatency The amount of time taken for data operations, reported in one-minute intervals Milliseconds Multi LedgerName, CommandType Applicable
IndexedStorage The total amount of disk space used by the ledger's tables, indexes, and indexed history, reported in 15-minute intervals Bytes Multi LedgerName Applicable
IsImpaired The flag that indicates if a journal stream to Kinesis Data Streams is impaired, reported in one-minute intervals Count Maximum LedgerName, StreamId Applicable
JournalStorage The total amount of disk space used by the ledger's journal, reported in 15-minute intervals Bytes Multi LedgerName Applicable
OccConflictExceptions The number of requests to QLDB that generate an OccConflictException Count Sum LedgerName Applicable
ReadIOs The number of disk read I/O operations, reported in one-minute intervals Count Sum LedgerName Applicable
ReadIOs Count Multi LedgerName Applicable
SessionRateExceededExceptions The number of requests to QLDB that generate a SessionRateExceededException Count Sum LedgerName Applicable
Session4xxExceptions The number of requests to QLDB that generate an HTTP 4xx error Count Sum LedgerName Applicable
Session5xxExceptions The number of requests to QLDB that generate an HTTP 5xx error Count Sum LedgerName Applicable
WriteIOs The number of disk write I/O operations, reported in one-minute intervals Count Sum LedgerName Applicable
WriteIOs Count Multi LedgerName Applicable

Source: aws-service-rekognition.md


title: Amazon Rekognition monitoring source: https://www.dynatrace.com/docs/ingest-from/amazon-web-services/integrate-with-aws/aws-all-services/aws-service-rekognition scraped: 2026-02-17T05:05:33.082660


Amazon Rekognition monitoring

Amazon Rekognition monitoring

  • How-to guide
  • 2-min read
  • Published Jul 06, 2020

Dynatrace ingests metrics for multiple preselected namespaces, including Amazon Rekognition. You can view metrics for each service instance, split metrics into multiple dimensions, and create custom charts that you can pin to your dashboards.

Prerequisites

To enable monitoring for this service, you need

  • ActiveGate version 1.197+

  • For Dynatrace SaaS deployments, you need an Environment ActiveGate or a Multi-environment ActiveGate.

For role-based access in SaaS deployment, you need an Environment ActiveGate installed on an Amazon EC2 host.

To update the AWS IAM policy, use the JSON below, containing the monitoring policy (permissions) for all supporting services.

JSON predefined policy for all supporting services

{



"Version": "2012-10-17",



"Statement": [



{



"Sid": "VisualEditor0",



"Effect": "Allow",



"Action": [



"acm-pca:ListCertificateAuthorities",



"apigateway:GET",



"apprunner:ListServices",



"appstream:DescribeFleets",



"appsync:ListGraphqlApis",



"athena:ListWorkGroups",



"autoscaling:DescribeAutoScalingGroups",



"cloudformation:ListStackResources",



"cloudfront:ListDistributions",



"cloudhsm:DescribeClusters",



"cloudsearch:DescribeDomains",



"cloudwatch:GetMetricData",



"cloudwatch:GetMetricStatistics",



"cloudwatch:ListMetrics",



"codebuild:ListProjects",



"datasync:ListTasks",



"dax:DescribeClusters",



"directconnect:DescribeConnections",



"dms:DescribeReplicationInstances",



"dynamodb:ListTables",



"dynamodb:ListTagsOfResource",



"ec2:DescribeAvailabilityZones",



"ec2:DescribeInstances",



"ec2:DescribeNatGateways",



"ec2:DescribeSpotFleetRequests",



"ec2:DescribeTransitGateways",



"ec2:DescribeVolumes",



"ec2:DescribeVpnConnections",



"ecs:ListClusters",



"eks:ListClusters",



"elasticache:DescribeCacheClusters",



"elasticbeanstalk:DescribeEnvironmentResources",



"elasticbeanstalk:DescribeEnvironments",



"elasticfilesystem:DescribeFileSystems",



"elasticloadbalancing:DescribeInstanceHealth",



"elasticloadbalancing:DescribeListeners",



"elasticloadbalancing:DescribeLoadBalancers",



"elasticloadbalancing:DescribeRules",



"elasticloadbalancing:DescribeTags",



"elasticloadbalancing:DescribeTargetHealth",



"elasticmapreduce:ListClusters",



"elastictranscoder:ListPipelines",



"es:ListDomainNames",



"events:ListEventBuses",



"firehose:ListDeliveryStreams",



"fsx:DescribeFileSystems",



"gamelift:ListFleets",



"glue:GetJobs",



"inspector:ListAssessmentTemplates",



"kafka:ListClusters",



"kinesis:ListStreams",



"kinesisanalytics:ListApplications",



"kinesisvideo:ListStreams",



"lambda:ListFunctions",



"lambda:ListTags",



"lex:GetBots",



"logs:DescribeLogGroups",



"mediaconnect:ListFlows",



"mediaconvert:DescribeEndpoints",



"mediapackage-vod:ListPackagingConfigurations",



"mediapackage:ListChannels",



"mediatailor:ListPlaybackConfigurations",



"opsworks:DescribeStacks",



"qldb:ListLedgers",



"rds:DescribeDBClusters",



"rds:DescribeDBInstances",



"rds:DescribeEvents",



"rds:ListTagsForResource",



"redshift:DescribeClusters",



"robomaker:ListSimulationJobs",



"route53:ListHostedZones",



"route53resolver:ListResolverEndpoints",



"s3:ListAllMyBuckets",



"sagemaker:ListEndpoints",



"sns:ListTopics",



"sqs:ListQueues",



"storagegateway:ListGateways",



"sts:GetCallerIdentity",



"swf:ListDomains",



"tag:GetResources",



"tag:GetTagKeys",



"transfer:ListServers",



"workmail:ListOrganizations",



"workspaces:DescribeWorkspaces"



],



"Resource": "*"



}



]



}

If you don't want to add permissions to all services, and just select permissions for certain services, consult the table below. The table contains a set of permissions that are required for All AWS cloud services and, for each supporting service, a list of optional permissions specific to that service.

Permissions required for AWS monitoring integration:

  • "cloudwatch:GetMetricData"
  • "cloudwatch:GetMetricStatistics"
  • "cloudwatch:ListMetrics"
  • "sts:GetCallerIdentity"
  • "tag:GetResources"
  • "tag:GetTagKeys"
  • "ec2:DescribeAvailabilityZones"

Complete list of permissions for cloud services

Name Permissions
All monitored Amazon services Required cloudwatch:GetMetricData, cloudwatch:GetMetricStatistics, cloudwatch:ListMetrics, sts:GetCallerIdentity, tag:GetResources, tag:GetTagKeys, ec2:DescribeAvailabilityZones
AWS Certificate Manager Private Certificate Authority acm-pca:ListCertificateAuthorities
Amazon MQ
Amazon API Gateway apigateway:GET
AWS App Runner apprunner:ListServices
Amazon AppStream appstream:DescribeFleets
AWS AppSync appsync:ListGraphqlApis
Amazon Athena athena:ListWorkGroups
Amazon Aurora rds:DescribeDBClusters
Amazon EC2 Auto Scaling autoscaling:DescribeAutoScalingGroups
Amazon EC2 Auto Scaling (built-in) autoscaling:DescribeAutoScalingGroups
AWS Billing
Amazon Keyspaces
AWS Chatbot
Amazon CloudFront cloudfront:ListDistributions
AWS CloudHSM cloudhsm:DescribeClusters
Amazon CloudSearch cloudsearch:DescribeDomains
AWS CodeBuild codebuild:ListProjects
Amazon Cognito
Amazon Connect
Amazon Elastic Kubernetes Service (EKS) eks:ListClusters
AWS DataSync datasync:ListTasks
Amazon DynamoDB Accelerator (DAX) dax:DescribeClusters
AWS Database Migration Service (AWS DMS) dms:DescribeReplicationInstances
Amazon DocumentDB rds:DescribeDBClusters
AWS Direct Connect directconnect:DescribeConnections
Amazon DynamoDB dynamodb:ListTables
Amazon DynamoDB (built-in) dynamodb:ListTables, dynamodb:ListTagsOfResource
Amazon EBS ec2:DescribeVolumes
Amazon EBS (built-in) ec2:DescribeVolumes
Amazon EC2 API
Amazon EC2 (built-in) ec2:DescribeInstances
Amazon EC2 Spot Fleet ec2:DescribeSpotFleetRequests
Amazon Elastic Container Service (ECS) ecs:ListClusters
Amazon ECS Container Insights ecs:ListClusters
Amazon ElastiCache (EC) elasticache:DescribeCacheClusters
AWS Elastic Beanstalk elasticbeanstalk:DescribeEnvironments
Amazon Elastic File System (EFS) elasticfilesystem:DescribeFileSystems
Amazon Elastic Inference
Amazon Elastic Map Reduce (EMR) elasticmapreduce:ListClusters
Amazon Elasticsearch Service (ES) es:ListDomainNames
Amazon Elastic Transcoder elastictranscoder:ListPipelines
Amazon Elastic Load Balancer (ELB) (built-in) elasticloadbalancing:DescribeInstanceHealth, elasticloadbalancing:DescribeListeners, elasticloadbalancing:DescribeLoadBalancers, elasticloadbalancing:DescribeRules, elasticloadbalancing:DescribeTags, elasticloadbalancing:DescribeTargetHealth
Amazon EventBridge events:ListEventBuses
Amazon FSx fsx:DescribeFileSystems
Amazon GameLift gamelift:ListFleets
AWS Glue glue:GetJobs
Amazon Inspector inspector:ListAssessmentTemplates
AWS Internet of Things (IoT)
AWS IoT Analytics
Amazon Managed Streaming for Kafka kafka:ListClusters
Amazon Kinesis Data Analytics kinesisanalytics:ListApplications
Amazon Data Firehose firehose:ListDeliveryStreams
Amazon Kinesis Data Streams kinesis:ListStreams
Amazon Kinesis Video Streams kinesisvideo:ListStreams
AWS Lambda lambda:ListFunctions
AWS Lambda (built-in) lambda:ListFunctions, lambda:ListTags
Amazon Lex lex:GetBots
Amazon Application and Network Load Balancer (built-in) elasticloadbalancing:DescribeInstanceHealth, elasticloadbalancing:DescribeListeners, elasticloadbalancing:DescribeLoadBalancers, elasticloadbalancing:DescribeRules, elasticloadbalancing:DescribeTags, elasticloadbalancing:DescribeTargetHealth
Amazon CloudWatch Logs logs:DescribeLogGroups
AWS Elemental MediaConnect mediaconnect:ListFlows
AWS Elemental MediaConvert mediaconvert:DescribeEndpoints
AWS Elemental MediaPackage Live mediapackage:ListChannels
AWS Elemental MediaPackage Video on Demand mediapackage-vod:ListPackagingConfigurations
AWS Elemental MediaTailor mediatailor:ListPlaybackConfigurations
Amazon VPC NAT Gateways ec2:DescribeNatGateways
Amazon Neptune rds:DescribeDBClusters
AWS OpsWorks opsworks:DescribeStacks
Amazon Polly
Amazon QLDB qldb:ListLedgers
Amazon RDS rds:DescribeDBInstances
Amazon RDS (built-in) rds:DescribeDBInstances, rds:DescribeEvents, rds:ListTagsForResource
Amazon Redshift redshift:DescribeClusters
Amazon Rekognition
AWS RoboMaker robomaker:ListSimulationJobs
Amazon Route 53 route53:ListHostedZones
Amazon Route 53 Resolver route53resolver:ListResolverEndpoints
Amazon S3 s3:ListAllMyBuckets
Amazon S3 (built-in) s3:ListAllMyBuckets
Amazon SageMaker Batch Transform Jobs
Amazon SageMaker Endpoint Instances sagemaker:ListEndpoints
Amazon SageMaker Endpoints sagemaker:ListEndpoints
Amazon SageMaker Ground Truth
Amazon SageMaker Processing Jobs
Amazon SageMaker Training Jobs
AWS Service Catalog
Amazon Simple Email Service (SES)
Amazon Simple Notification Service (SNS) sns:ListTopics
Amazon Simple Queue Service (SQS) sqs:ListQueues
AWS Systems Manager - Run Command
AWS Step Functions
AWS Storage Gateway storagegateway:ListGateways
Amazon SWF swf:ListDomains
Amazon Textract
AWS IoT Things Graph
AWS Transfer Family transfer:ListServers
AWS Transit Gateway ec2:DescribeTransitGateways
Amazon Translate
AWS Trusted Advisor
AWS API Usage
AWS Site-to-Site VPN ec2:DescribeVpnConnections
AWS WAF Classic
AWS WAF
Amazon WorkMail workmail:ListOrganizations
Amazon WorkSpaces workspaces:DescribeWorkspaces

Example of JSON policy for one single service.

JSON policy for Amazon API Gateway

{



"Version": "2012-10-17",



"Statement": [



{



"Sid": "VisualEditor0",



"Effect": "Allow",



"Action": [



"apigateway:GET",



"cloudwatch:GetMetricData",



"cloudwatch:GetMetricStatistics",



"cloudwatch:ListMetrics",



"sts:GetCallerIdentity",



"tag:GetResources",



"tag:GetTagKeys",



"ec2:DescribeAvailabilityZones"



],



"Resource": "*"



}



]



}

In this example, from the complete list of permissions you need to select

  • "apigateway:GET" for Amazon API Gateway
  • "cloudwatch:GetMetricData", "cloudwatch:GetMetricStatistics", "cloudwatch:ListMetrics", "sts:GetCallerIdentity", "tag:GetResources", "tag:GetTagKeys", and "ec2:DescribeAvailabilityZones" for All AWS cloud services.

Enable monitoring

To learn how to enable service monitoring, see Enable service monitoring.

View service metrics

You can view the service metrics in your Dynatrace environment either on the custom device overview page or on your Dashboards page.

View metrics on the custom device overview page

To access the custom device overview page

  1. Go to Technologies Technologies & Processes Classic.
  2. Filter by service name and select the relevant custom device group.
  3. Once you select the custom device group, you're on the custom device group overview page.
  4. The custom device group overview page lists all instances (custom devices) belonging to the group. Select an instance to view the custom device overview page.

View metrics on your dashboard

After you add the service to monitoring, a preset dashboard containing all recommended metrics is automatically listed on your Dashboards page. To look for specific dashboards, filter by Preset and then by Name.

AWS presets

For existing monitored services, you might need to resave your credentials for the preset dashboard to appear on the Dashboards page. To resave your credentials, go to Settings > Cloud and virtualization > AWS, select the desired AWS instance, and then select Save.

You can't make changes on a preset dashboard directly, but you can clone and edit it. To clone a dashboard, open the browse menu (…) and select Clone.

To remove a dashboard from the dashboards page, you can hide it. To hide a dashboard, open the browse menu (…) and select Hide.

Hiding a dashboard doesn't affect other users.

Clone hide AWS

To check the availability of preset dashboards for each AWS service, see the list below.

Preset dashboard availability list

AWS service Preset dashboard
Amazon EC2 Auto Scaling (built-in) Not applicable
AWS Lambda (built-in) Not applicable
Amazon Application and Network Load Balancer (built-in) Not applicable
Amazon DynamoDB (built-in) Not applicable
Amazon EBS (built-in) Not applicable
Amazon EC2 (built-in) Not applicable
Amazon Elastic Load Balancer (ELB) (built-in) Not applicable
Amazon RDS (built-in) Not applicable
Amazon S3 (built-in) Not applicable
AWS Certificate Manager Private Certificate Authority Not applicable
All monitored Amazon services Not applicable
Amazon API Gateway Not applicable
AWS App Runner Not applicable
Amazon AppStream Applicable
AWS AppSync Applicable
Amazon Athena Applicable
Amazon Aurora Not applicable
Amazon EC2 Auto Scaling Applicable
AWS Billing Applicable
Amazon Keyspaces Applicable
AWS Chatbot Applicable
Amazon CloudFront Not applicable
AWS CloudHSM Applicable
Amazon CloudSearch Applicable
AWS CodeBuild Applicable
Amazon Cognito Not applicable
Amazon Connect Applicable
AWS DataSync Applicable
Amazon DynamoDB Accelerator (DAX) Applicable
AWS Database Migration Service (AWS DMS) Applicable
Amazon DocumentDB Applicable
AWS Direct Connect Applicable
Amazon DynamoDB Not applicable
Amazon EBS Not applicable
Amazon EC2 Spot Fleet Not applicable
Amazon EC2 API Applicable
Amazon Elastic Container Service (ECS) Not applicable
Amazon ECS Container Insights Applicable
Amazon Elastic File System (EFS) Not applicable
Amazon Elastic Kubernetes Service (EKS) Applicable
Amazon ElastiCache (EC) Not applicable
AWS Elastic Beanstalk Applicable
Amazon Elastic Inference Applicable
Amazon Elastic Transcoder Applicable
Amazon Elastic Map Reduce (EMR) Not applicable
Amazon Elasticsearch Service (ES) Not applicable
Amazon EventBridge Applicable
Amazon FSx Applicable
Amazon GameLift Applicable
AWS Glue Not applicable
Amazon Inspector Applicable
AWS Internet of Things (IoT) Not applicable
AWS IoT Things Graph Applicable
AWS IoT Analytics Applicable
Amazon Managed Streaming for Kafka Applicable
Amazon Kinesis Data Analytics Not applicable
Amazon Data Firehose Not applicable
Amazon Kinesis Data Streams Not applicable
Amazon Kinesis Video Streams Not applicable
AWS Lambda Not applicable
Amazon Lex Applicable
Amazon CloudWatch Logs Applicable
AWS Elemental MediaTailor Applicable
AWS Elemental MediaConnect Applicable
AWS Elemental MediaConvert Applicable
AWS Elemental MediaPackage Live Applicable
AWS Elemental MediaPackage Video on Demand Applicable
Amazon MQ Applicable
Amazon VPC NAT Gateways Not applicable
Amazon Neptune Applicable
AWS OpsWorks Applicable
Amazon Polly Applicable
Amazon QLDB Applicable
Amazon RDS Not applicable
Amazon Redshift Not applicable
Amazon Rekognition Applicable
AWS RoboMaker Applicable
Amazon Route 53 Applicable
Amazon Route 53 Resolver Applicable
Amazon S3 Not applicable
Amazon SageMaker Batch Transform Jobs Not applicable
Amazon SageMaker Endpoints Not applicable
Amazon SageMaker Endpoint Instances Not applicable
Amazon SageMaker Ground Truth Not applicable
Amazon SageMaker Processing Jobs Not applicable
Amazon SageMaker Training Jobs Not applicable
AWS Service Catalog Applicable
Amazon Simple Email Service (SES) Not applicable
Amazon Simple Notification Service (SNS) Not applicable
Amazon Simple Queue Service (SQS) Not applicable
AWS Systems Manager - Run Command Applicable
AWS Step Functions Applicable
AWS Storage Gateway Applicable
Amazon SWF Applicable
Amazon Textract Applicable
AWS Transfer Family Applicable
AWS Transit Gateway Applicable
Amazon Translate Applicable
AWS Trusted Advisor Applicable
AWS API Usage Applicable
AWS Site-to-Site VPN Applicable
AWS WAF Classic Applicable
AWS WAF Applicable
Amazon WorkMail Applicable
Amazon WorkSpaces Applicable

Rekognition

Available metrics

Name Description Unit Statistics Dimensions Recommended
DetectedFaceCount The number of faces detected with the IndexFaces or DetectFaces operation Count Sum Region, Operation Applicable
DetectedFaceCount Count Sum Region Applicable
DetectedLabelCount The number of labels detected with the DetectLabels operation Count Sum Region, Operation Applicable
DetectedLabelCount Count Sum Region
ResponseTime The time in milliseconds for Rekognition to compute the response Milliseconds Multi Region, Operation Applicable
ResponseTime Milliseconds Multi Region Applicable
ServerErrorCount The number of server errors. The response code range for a server error is 500-599. Count Sum Region, Operation Applicable
ServerErrorCount Count Sum Region Applicable
SuccessfulRequestCount The number of successful requests. The response code range for a successful request is 200-299. Count Sum Region, Operation Applicable
SuccessfulRequestCount Count Sum Region Applicable
ThrottledCount The number of throttled requests Count Sum Region, Operation Applicable
ThrottledCount Count Sum Region Applicable
UserErrorCount The number of user errors (such as invalid parameters, invalid image, or no permission). The response code range for a user error is 400-499. Count Sum Region, Operation Applicable
UserErrorCount Count Sum Region Applicable

Source: aws-service-relational-database-service-rds-new.md


title: Amazon RDS (Relational Database Service) monitoring source: https://www.dynatrace.com/docs/ingest-from/amazon-web-services/integrate-with-aws/aws-all-services/aws-service-relational-database-service-rds-new scraped: 2026-02-17T04:59:45.780568


Amazon RDS (Relational Database Service) monitoring

Amazon RDS (Relational Database Service) monitoring

  • How-to guide
  • 31-min read
  • Updated on Nov 15, 2023

For information about differences between classic services and other services, see Migrate from AWS classic (formerly 'built-in') services to cloud services.

Dynatrace ingests metrics for multiple preselected namespaces, including Amazon RDS. You can view metrics for each service instance, split metrics into multiple dimensions, and create custom charts that you can pin to your dashboards.

Prerequisites

To enable monitoring for this service, you need

  • ActiveGate version 1.197+

  • For Dynatrace SaaS deployments, you need an Environment ActiveGate or a Multi-environment ActiveGate.

For role-based access in SaaS deployment, you need an Environment ActiveGate installed on an Amazon EC2 host.

To update the AWS IAM policy, use the JSON below, containing the monitoring policy (permissions) for all supporting services.

JSON predefined policy for all supporting services

{



"Version": "2012-10-17",



"Statement": [



{



"Sid": "VisualEditor0",



"Effect": "Allow",



"Action": [



"acm-pca:ListCertificateAuthorities",



"apigateway:GET",



"apprunner:ListServices",



"appstream:DescribeFleets",



"appsync:ListGraphqlApis",



"athena:ListWorkGroups",



"autoscaling:DescribeAutoScalingGroups",



"cloudformation:ListStackResources",



"cloudfront:ListDistributions",



"cloudhsm:DescribeClusters",



"cloudsearch:DescribeDomains",



"cloudwatch:GetMetricData",



"cloudwatch:GetMetricStatistics",



"cloudwatch:ListMetrics",



"codebuild:ListProjects",



"datasync:ListTasks",



"dax:DescribeClusters",



"directconnect:DescribeConnections",



"dms:DescribeReplicationInstances",



"dynamodb:ListTables",



"dynamodb:ListTagsOfResource",



"ec2:DescribeAvailabilityZones",



"ec2:DescribeInstances",



"ec2:DescribeNatGateways",



"ec2:DescribeSpotFleetRequests",



"ec2:DescribeTransitGateways",



"ec2:DescribeVolumes",



"ec2:DescribeVpnConnections",



"ecs:ListClusters",



"eks:ListClusters",



"elasticache:DescribeCacheClusters",



"elasticbeanstalk:DescribeEnvironmentResources",



"elasticbeanstalk:DescribeEnvironments",



"elasticfilesystem:DescribeFileSystems",



"elasticloadbalancing:DescribeInstanceHealth",



"elasticloadbalancing:DescribeListeners",



"elasticloadbalancing:DescribeLoadBalancers",



"elasticloadbalancing:DescribeRules",



"elasticloadbalancing:DescribeTags",



"elasticloadbalancing:DescribeTargetHealth",



"elasticmapreduce:ListClusters",



"elastictranscoder:ListPipelines",



"es:ListDomainNames",



"events:ListEventBuses",



"firehose:ListDeliveryStreams",



"fsx:DescribeFileSystems",



"gamelift:ListFleets",



"glue:GetJobs",



"inspector:ListAssessmentTemplates",



"kafka:ListClusters",



"kinesis:ListStreams",



"kinesisanalytics:ListApplications",



"kinesisvideo:ListStreams",



"lambda:ListFunctions",



"lambda:ListTags",



"lex:GetBots",



"logs:DescribeLogGroups",



"mediaconnect:ListFlows",



"mediaconvert:DescribeEndpoints",



"mediapackage-vod:ListPackagingConfigurations",



"mediapackage:ListChannels",



"mediatailor:ListPlaybackConfigurations",



"opsworks:DescribeStacks",



"qldb:ListLedgers",



"rds:DescribeDBClusters",



"rds:DescribeDBInstances",



"rds:DescribeEvents",



"rds:ListTagsForResource",



"redshift:DescribeClusters",



"robomaker:ListSimulationJobs",



"route53:ListHostedZones",



"route53resolver:ListResolverEndpoints",



"s3:ListAllMyBuckets",



"sagemaker:ListEndpoints",



"sns:ListTopics",



"sqs:ListQueues",



"storagegateway:ListGateways",



"sts:GetCallerIdentity",



"swf:ListDomains",



"tag:GetResources",



"tag:GetTagKeys",



"transfer:ListServers",



"workmail:ListOrganizations",



"workspaces:DescribeWorkspaces"



],



"Resource": "*"



}



]



}

If you don't want to add permissions to all services, and just select permissions for certain services, consult the table below. The table contains a set of permissions that are required for All AWS cloud services and, for each supporting service, a list of optional permissions specific to that service.

Permissions required for AWS monitoring integration:

  • "cloudwatch:GetMetricData"
  • "cloudwatch:GetMetricStatistics"
  • "cloudwatch:ListMetrics"
  • "sts:GetCallerIdentity"
  • "tag:GetResources"
  • "tag:GetTagKeys"
  • "ec2:DescribeAvailabilityZones"

Complete list of permissions for cloud services

Name Permissions
All monitored Amazon services Required cloudwatch:GetMetricData, cloudwatch:GetMetricStatistics, cloudwatch:ListMetrics, sts:GetCallerIdentity, tag:GetResources, tag:GetTagKeys, ec2:DescribeAvailabilityZones
AWS Certificate Manager Private Certificate Authority acm-pca:ListCertificateAuthorities
Amazon MQ
Amazon API Gateway apigateway:GET
AWS App Runner apprunner:ListServices
Amazon AppStream appstream:DescribeFleets
AWS AppSync appsync:ListGraphqlApis
Amazon Athena athena:ListWorkGroups
Amazon Aurora rds:DescribeDBClusters
Amazon EC2 Auto Scaling autoscaling:DescribeAutoScalingGroups
Amazon EC2 Auto Scaling (built-in) autoscaling:DescribeAutoScalingGroups
AWS Billing
Amazon Keyspaces
AWS Chatbot
Amazon CloudFront cloudfront:ListDistributions
AWS CloudHSM cloudhsm:DescribeClusters
Amazon CloudSearch cloudsearch:DescribeDomains
AWS CodeBuild codebuild:ListProjects
Amazon Cognito
Amazon Connect
Amazon Elastic Kubernetes Service (EKS) eks:ListClusters
AWS DataSync datasync:ListTasks
Amazon DynamoDB Accelerator (DAX) dax:DescribeClusters
AWS Database Migration Service (AWS DMS) dms:DescribeReplicationInstances
Amazon DocumentDB rds:DescribeDBClusters
AWS Direct Connect directconnect:DescribeConnections
Amazon DynamoDB dynamodb:ListTables
Amazon DynamoDB (built-in) dynamodb:ListTables, dynamodb:ListTagsOfResource
Amazon EBS ec2:DescribeVolumes
Amazon EBS (built-in) ec2:DescribeVolumes
Amazon EC2 API
Amazon EC2 (built-in) ec2:DescribeInstances
Amazon EC2 Spot Fleet ec2:DescribeSpotFleetRequests
Amazon Elastic Container Service (ECS) ecs:ListClusters
Amazon ECS Container Insights ecs:ListClusters
Amazon ElastiCache (EC) elasticache:DescribeCacheClusters
AWS Elastic Beanstalk elasticbeanstalk:DescribeEnvironments
Amazon Elastic File System (EFS) elasticfilesystem:DescribeFileSystems
Amazon Elastic Inference
Amazon Elastic Map Reduce (EMR) elasticmapreduce:ListClusters
Amazon Elasticsearch Service (ES) es:ListDomainNames
Amazon Elastic Transcoder elastictranscoder:ListPipelines
Amazon Elastic Load Balancer (ELB) (built-in) elasticloadbalancing:DescribeInstanceHealth, elasticloadbalancing:DescribeListeners, elasticloadbalancing:DescribeLoadBalancers, elasticloadbalancing:DescribeRules, elasticloadbalancing:DescribeTags, elasticloadbalancing:DescribeTargetHealth
Amazon EventBridge events:ListEventBuses
Amazon FSx fsx:DescribeFileSystems
Amazon GameLift gamelift:ListFleets
AWS Glue glue:GetJobs
Amazon Inspector inspector:ListAssessmentTemplates
AWS Internet of Things (IoT)
AWS IoT Analytics
Amazon Managed Streaming for Kafka kafka:ListClusters
Amazon Kinesis Data Analytics kinesisanalytics:ListApplications
Amazon Data Firehose firehose:ListDeliveryStreams
Amazon Kinesis Data Streams kinesis:ListStreams
Amazon Kinesis Video Streams kinesisvideo:ListStreams
AWS Lambda lambda:ListFunctions
AWS Lambda (built-in) lambda:ListFunctions, lambda:ListTags
Amazon Lex lex:GetBots
Amazon Application and Network Load Balancer (built-in) elasticloadbalancing:DescribeInstanceHealth, elasticloadbalancing:DescribeListeners, elasticloadbalancing:DescribeLoadBalancers, elasticloadbalancing:DescribeRules, elasticloadbalancing:DescribeTags, elasticloadbalancing:DescribeTargetHealth
Amazon CloudWatch Logs logs:DescribeLogGroups
AWS Elemental MediaConnect mediaconnect:ListFlows
AWS Elemental MediaConvert mediaconvert:DescribeEndpoints
AWS Elemental MediaPackage Live mediapackage:ListChannels
AWS Elemental MediaPackage Video on Demand mediapackage-vod:ListPackagingConfigurations
AWS Elemental MediaTailor mediatailor:ListPlaybackConfigurations
Amazon VPC NAT Gateways ec2:DescribeNatGateways
Amazon Neptune rds:DescribeDBClusters
AWS OpsWorks opsworks:DescribeStacks
Amazon Polly
Amazon QLDB qldb:ListLedgers
Amazon RDS rds:DescribeDBInstances
Amazon RDS (built-in) rds:DescribeDBInstances, rds:DescribeEvents, rds:ListTagsForResource
Amazon Redshift redshift:DescribeClusters
Amazon Rekognition
AWS RoboMaker robomaker:ListSimulationJobs
Amazon Route 53 route53:ListHostedZones
Amazon Route 53 Resolver route53resolver:ListResolverEndpoints
Amazon S3 s3:ListAllMyBuckets
Amazon S3 (built-in) s3:ListAllMyBuckets
Amazon SageMaker Batch Transform Jobs
Amazon SageMaker Endpoint Instances sagemaker:ListEndpoints
Amazon SageMaker Endpoints sagemaker:ListEndpoints
Amazon SageMaker Ground Truth
Amazon SageMaker Processing Jobs
Amazon SageMaker Training Jobs
AWS Service Catalog
Amazon Simple Email Service (SES)
Amazon Simple Notification Service (SNS) sns:ListTopics
Amazon Simple Queue Service (SQS) sqs:ListQueues
AWS Systems Manager - Run Command
AWS Step Functions
AWS Storage Gateway storagegateway:ListGateways
Amazon SWF swf:ListDomains
Amazon Textract
AWS IoT Things Graph
AWS Transfer Family transfer:ListServers
AWS Transit Gateway ec2:DescribeTransitGateways
Amazon Translate
AWS Trusted Advisor
AWS API Usage
AWS Site-to-Site VPN ec2:DescribeVpnConnections
AWS WAF Classic
AWS WAF
Amazon WorkMail workmail:ListOrganizations
Amazon WorkSpaces workspaces:DescribeWorkspaces

Example of JSON policy for one single service.

JSON policy for Amazon API Gateway

{



"Version": "2012-10-17",



"Statement": [



{



"Sid": "VisualEditor0",



"Effect": "Allow",



"Action": [



"apigateway:GET",



"cloudwatch:GetMetricData",



"cloudwatch:GetMetricStatistics",



"cloudwatch:ListMetrics",



"sts:GetCallerIdentity",



"tag:GetResources",



"tag:GetTagKeys",



"ec2:DescribeAvailabilityZones"



],



"Resource": "*"



}



]



}

In this example, from the complete list of permissions you need to select

  • "apigateway:GET" for Amazon API Gateway
  • "cloudwatch:GetMetricData", "cloudwatch:GetMetricStatistics", "cloudwatch:ListMetrics", "sts:GetCallerIdentity", "tag:GetResources", "tag:GetTagKeys", and "ec2:DescribeAvailabilityZones" for All AWS cloud services.

AWS endpoints that need to be reachable from ActiveGate with corresponding AWS services

Endpoint Service
autoscaling.<REGION>.amazonaws.com Amazon EC2 Auto Scaling (built-in), Amazon EC2 Auto Scaling
lambda.<REGION>.amazonaws.com AWS Lambda (built-in), AWS Lambda
elasticloadbalancing.<REGION>.amazonaws.com Amazon Application and Network Load Balancer (built-in), Amazon Elastic Load Balancer (ELB) (built-in)
dynamodb.<REGION>.amazonaws.com Amazon DynamoDB (built-in), Amazon DynamoDB
ec2.<REGION>.amazonaws.com Amazon EBS (built-in), Amazon EC2 (built-in), Amazon EBS, Amazon EC2 Spot Fleet, Amazon VPC NAT Gateways, AWS Transit Gateway, AWS Site-to-Site VPN
rds.<REGION>.amazonaws.com Amazon RDS (built-in), Amazon Aurora, Amazon DocumentDB, Amazon Neptune, Amazon RDS
s3.<REGION>.amazonaws.com Amazon S3 (built-in)
acm-pca.<REGION>.amazonaws.com AWS Certificate Manager Private Certificate Authority
apigateway.<REGION>.amazonaws.com Amazon API Gateway
apprunner.<REGION>.amazonaws.com AWS App Runner
appstream2.<REGION>.amazonaws.com Amazon AppStream
appsync.<REGION>.amazonaws.com AWS AppSync
athena.<REGION>.amazonaws.com Amazon Athena
cloudfront.amazonaws.com Amazon CloudFront
cloudhsmv2.<REGION>.amazonaws.com AWS CloudHSM
cloudsearch.<REGION>.amazonaws.com Amazon CloudSearch
codebuild.<REGION>.amazonaws.com AWS CodeBuild
datasync.<REGION>.amazonaws.com AWS DataSync
dax.<REGION>.amazonaws.com Amazon DynamoDB Accelerator (DAX)
dms.<REGION>.amazonaws.com AWS Database Migration Service (AWS DMS)
directconnect.<REGION>.amazonaws.com AWS Direct Connect
ecs.<REGION>.amazonaws.com Amazon Elastic Container Service (ECS), Amazon ECS Container Insights
elasticfilesystem.<REGION>.amazonaws.com Amazon Elastic File System (EFS)
eks.<REGION>.amazonaws.com Amazon Elastic Kubernetes Service (EKS)
elasticache.<REGION>.amazonaws.com Amazon ElastiCache (EC)
elasticbeanstalk.<REGION>.amazonaws.com AWS Elastic Beanstalk
elastictranscoder.<REGION>.amazonaws.com Amazon Elastic Transcoder
es.<REGION>.amazonaws.com Amazon Elasticsearch Service (ES)
events.<REGION>.amazonaws.com Amazon EventBridge
fsx.<REGION>.amazonaws.com Amazon FSx
gamelift.<REGION>.amazonaws.com Amazon GameLift
glue.<REGION>.amazonaws.com AWS Glue
inspector.<REGION>.amazonaws.com Amazon Inspector
kafka.<REGION>.amazonaws.com Amazon Managed Streaming for Kafka
models.lex.<REGION>.amazonaws.com Amazon Lex
logs.<REGION>.amazonaws.com Amazon CloudWatch Logs
api.mediatailor.<REGION>.amazonaws.com AWS Elemental MediaTailor
mediaconnect.<REGION>.amazonaws.com AWS Elemental MediaConnect
mediapackage.<REGION>.amazonaws.com AWS Elemental MediaPackage Live
mediapackage-vod.<REGION>.amazonaws.com AWS Elemental MediaPackage Video on Demand
opsworks.<REGION>.amazonaws.com AWS OpsWorks
qldb.<REGION>.amazonaws.com Amazon QLDB
redshift.<REGION>.amazonaws.com Amazon Redshift
robomaker.<REGION>.amazonaws.com AWS RoboMaker
route53.amazonaws.com Amazon Route 53
route53resolver.<REGION>.amazonaws.com Amazon Route 53 Resolver
api.sagemaker.<REGION>.amazonaws.com Amazon SageMaker Endpoints, Amazon SageMaker Endpoint Instances
sns.<REGION>.amazonaws.com Amazon Simple Notification Service (SNS)
sqs.<REGION>.amazonaws.com Amazon Simple Queue Service (SQS)
storagegateway.<REGION>.amazonaws.com AWS Storage Gateway
swf.<REGION>.amazonaws.com Amazon SWF
transfer.<REGION>.amazonaws.com AWS Transfer Family
workmail.<REGION>.amazonaws.com Amazon WorkMail
workspaces.<REGION>.amazonaws.com Amazon WorkSpaces

Enable monitoring

To learn how to enable service monitoring, see Enable service monitoring.

View service metrics

You can view the service metrics in your Dynatrace environment either on the custom device overview page or on your Dashboards page.

View metrics on the custom device overview page

To access the custom device overview page

  1. Go to Technologies Technologies & Processes Classic.
  2. Filter by service name and select the relevant custom device group.
  3. Once you select the custom device group, you're on the custom device group overview page.
  4. The custom device group overview page lists all instances (custom devices) belonging to the group. Select an instance to view the custom device overview page.

View metrics on your dashboard

You can also view metrics in the Dynatrace web UI on dashboards. There is no preset dashboard available for this service, but you can create your own dashboard.

To check the availability of preset dashboards for each AWS service, see the list below.

Preset dashboard availability list

AWS service Preset dashboard
Amazon EC2 Auto Scaling (built-in) Not applicable
AWS Lambda (built-in) Not applicable
Amazon Application and Network Load Balancer (built-in) Not applicable
Amazon DynamoDB (built-in) Not applicable
Amazon EBS (built-in) Not applicable
Amazon EC2 (built-in) Not applicable
Amazon Elastic Load Balancer (ELB) (built-in) Not applicable
Amazon RDS (built-in) Not applicable
Amazon S3 (built-in) Not applicable
AWS Certificate Manager Private Certificate Authority Not applicable
All monitored Amazon services Not applicable
Amazon API Gateway Not applicable
AWS App Runner Not applicable
Amazon AppStream Applicable
AWS AppSync Applicable
Amazon Athena Applicable
Amazon Aurora Not applicable
Amazon EC2 Auto Scaling Applicable
AWS Billing Applicable
Amazon Keyspaces Applicable
AWS Chatbot Applicable
Amazon CloudFront Not applicable
AWS CloudHSM Applicable
Amazon CloudSearch Applicable
AWS CodeBuild Applicable
Amazon Cognito Not applicable
Amazon Connect Applicable
AWS DataSync Applicable
Amazon DynamoDB Accelerator (DAX) Applicable
AWS Database Migration Service (AWS DMS) Applicable
Amazon DocumentDB Applicable
AWS Direct Connect Applicable
Amazon DynamoDB Not applicable
Amazon EBS Not applicable
Amazon EC2 Spot Fleet Not applicable
Amazon EC2 API Applicable
Amazon Elastic Container Service (ECS) Not applicable
Amazon ECS Container Insights Applicable
Amazon Elastic File System (EFS) Not applicable
Amazon Elastic Kubernetes Service (EKS) Applicable
Amazon ElastiCache (EC) Not applicable
AWS Elastic Beanstalk Applicable
Amazon Elastic Inference Applicable
Amazon Elastic Transcoder Applicable
Amazon Elastic Map Reduce (EMR) Not applicable
Amazon Elasticsearch Service (ES) Not applicable
Amazon EventBridge Applicable
Amazon FSx Applicable
Amazon GameLift Applicable
AWS Glue Not applicable
Amazon Inspector Applicable
AWS Internet of Things (IoT) Not applicable
AWS IoT Things Graph Applicable
AWS IoT Analytics Applicable
Amazon Managed Streaming for Kafka Applicable
Amazon Kinesis Data Analytics Not applicable
Amazon Data Firehose Not applicable
Amazon Kinesis Data Streams Not applicable
Amazon Kinesis Video Streams Not applicable
AWS Lambda Not applicable
Amazon Lex Applicable
Amazon CloudWatch Logs Applicable
AWS Elemental MediaTailor Applicable
AWS Elemental MediaConnect Applicable
AWS Elemental MediaConvert Applicable
AWS Elemental MediaPackage Live Applicable
AWS Elemental MediaPackage Video on Demand Applicable
Amazon MQ Applicable
Amazon VPC NAT Gateways Not applicable
Amazon Neptune Applicable
AWS OpsWorks Applicable
Amazon Polly Applicable
Amazon QLDB Applicable
Amazon RDS Not applicable
Amazon Redshift Not applicable
Amazon Rekognition Applicable
AWS RoboMaker Applicable
Amazon Route 53 Applicable
Amazon Route 53 Resolver Applicable
Amazon S3 Not applicable
Amazon SageMaker Batch Transform Jobs Not applicable
Amazon SageMaker Endpoints Not applicable
Amazon SageMaker Endpoint Instances Not applicable
Amazon SageMaker Ground Truth Not applicable
Amazon SageMaker Processing Jobs Not applicable
Amazon SageMaker Training Jobs Not applicable
AWS Service Catalog Applicable
Amazon Simple Email Service (SES) Not applicable
Amazon Simple Notification Service (SNS) Not applicable
Amazon Simple Queue Service (SQS) Not applicable
AWS Systems Manager - Run Command Applicable
AWS Step Functions Applicable
AWS Storage Gateway Applicable
Amazon SWF Applicable
Amazon Textract Applicable
AWS Transfer Family Applicable
AWS Transit Gateway Applicable
Amazon Translate Applicable
AWS Trusted Advisor Applicable
AWS API Usage Applicable
AWS Site-to-Site VPN Applicable
AWS WAF Classic Applicable
AWS WAF Applicable
Amazon WorkMail Applicable
Amazon WorkSpaces Applicable

Available metrics

This service monitors a part of Amazon RDS (AWS/RDS). While you have this service configured, you can't have Amazon RDS (built-in) service turned on.

DBInstanceIdentifier is the main dimension.

Name Description Dimensions Unit Recommended
Aurora_pq_request_not_chosen_tx_isolation Region, DatabaseClass Count
Aurora_pq_request_not_chosen_tx_isolation Region, DBClusterIdentifier Count
Aurora_pq_request_not_chosen_tx_isolation Region Count
Aurora_pq_request_not_chosen_tx_isolation Region, EngineName Count
Aurora_pq_request_not_chosen_tx_isolation Region, DBClusterIdentifier, Role Count
SumBinaryLogSize Region, DatabaseClass Count
SumBinaryLogSize Region, DBClusterIdentifier Count
SumBinaryLogSize Region Count
SumBinaryLogSize Region, EngineName Count
SumBinaryLogSize Region, DBClusterIdentifier, Role Count
DeleteThroughput DBInstanceIdentifier Count/Second
Deadlocks Region, DatabaseClass Count/Second
Deadlocks Region, DBClusterIdentifier Count/Second
Deadlocks Region Count/Second
Deadlocks Region, EngineName Count/Second
Deadlocks Region, DBClusterIdentifier, Role Count/Second
Aurora_pq_request_not_chosen_column_bit Region, DatabaseClass Count
Aurora_pq_request_not_chosen_column_bit Region, DBClusterIdentifier Count
Aurora_pq_request_not_chosen_column_bit Region Count
Aurora_pq_request_not_chosen_column_bit Region, EngineName Count
Aurora_pq_request_not_chosen_column_bit Region, DBClusterIdentifier, Role Count
TotalBackupStorageBilled Region, DBClusterIdentifier Bytes
TotalBackupStorageBilled Region, EngineName Bytes
DeleteLatency Region, DatabaseClass Milliseconds
DeleteLatency Region, DBClusterIdentifier Milliseconds
DeleteLatency Region Milliseconds
DeleteLatency Region, EngineName Milliseconds
DeleteLatency Region, DBClusterIdentifier, Role Milliseconds
Aurora_pq_request_not_chosen_high_buffer_pool_pct DBInstanceIdentifier Count
DDLLatency Region, DatabaseClass Milliseconds
DDLLatency Region, DBClusterIdentifier Milliseconds
DDLLatency Region Milliseconds
DDLLatency Region, EngineName Milliseconds
DDLLatency Region, DBClusterIdentifier, Role Milliseconds
DMLLatency Region, DatabaseClass Milliseconds
DMLLatency Region, DBClusterIdentifier Milliseconds
DMLLatency Region Milliseconds
DMLLatency Region, EngineName Milliseconds
DMLLatency Region, DBClusterIdentifier, Role Milliseconds
DDLThroughput Region, DatabaseClass Count/Second
DDLThroughput Region, DBClusterIdentifier Count/Second
DDLThroughput Region Count/Second
DDLThroughput Region, EngineName Count/Second
DDLThroughput Region, DBClusterIdentifier, Role Count/Second
CommitThroughput Region, DatabaseClass Count/Second
CommitThroughput Region, DBClusterIdentifier Count/Second
CommitThroughput Region Count/Second
CommitThroughput Region, EngineName Count/Second
CommitThroughput Region, DBClusterIdentifier, Role Count/Second
ForwardingReplicaReadWaitLatency DBInstanceIdentifier Count
Aurora_pq_request_not_chosen_custom_charset Region, DatabaseClass Count
Aurora_pq_request_not_chosen_custom_charset Region, DBClusterIdentifier Count
Aurora_pq_request_not_chosen_custom_charset Region Count
Aurora_pq_request_not_chosen_custom_charset Region, EngineName Count
Aurora_pq_request_not_chosen_custom_charset Region, DBClusterIdentifier, Role Count
BlockedTransactions Region, DatabaseClass Count/Second
BlockedTransactions Region, DBClusterIdentifier Count/Second
BlockedTransactions Region Count/Second
BlockedTransactions Region, EngineName Count/Second
BlockedTransactions Region, DBClusterIdentifier, Role Count/Second
EBSIOBalance% The percentage of I/O credits remaining in the burst bucket of your RDS database. This metric is available for basic Region, DatabaseClass Percent
EBSIOBalance% Region, DBClusterIdentifier Percent
EBSIOBalance% Region Percent
EBSIOBalance% Region, EngineName Percent Applicable
EBSIOBalance% Region, DBClusterIdentifier, Role Percent
SwapUsage The amount of swap space used on the DB instance. Region, DatabaseClass Bytes
SwapUsage Region, DBClusterIdentifier Bytes
SwapUsage Region Bytes
SwapUsage Region, EngineName Bytes
SwapUsage Region, DBClusterIdentifier, Role Bytes
ForwardingReplicaDMLThroughput DBInstanceIdentifier Count
Aurora_pq_request_attempted DBInstanceIdentifier Count
LoginFailures Region, DatabaseClass Count/Second
LoginFailures Region, DBClusterIdentifier Count/Second
LoginFailures Region Count/Second
LoginFailures Region, EngineName Count/Second
LoginFailures Region, DBClusterIdentifier, Role Count/Second
NetworkTransmitThroughput The outgoing (transmit) network traffic on the DB instance, including both customer database traffic and Amazon RDS Region, DatabaseClass Bytes/Second
NetworkTransmitThroughput Region, DBClusterIdentifier Bytes/Second
NetworkTransmitThroughput Region Bytes/Second
NetworkTransmitThroughput Region, EngineName Bytes/Second
NetworkTransmitThroughput Region, DBClusterIdentifier, Role Bytes/Second
NumBinaryLogFiles Region, DatabaseClass Count
NumBinaryLogFiles Region, DBClusterIdentifier Count
NumBinaryLogFiles Region Count
NumBinaryLogFiles Region, EngineName Count
NumBinaryLogFiles Region, DBClusterIdentifier, Role Count
DBLoadCPU DBInstanceIdentifier None
Aurora_pq_request_failed DBInstanceIdentifier Count
BlockedTransactions DBInstanceIdentifier Count/Second
ForwardingReplicaReadWaitThroughput DBInstanceIdentifier Count
ReadThroughput The average number of bytes read from disk per second. Region, DatabaseClass Bytes/Second
ReadThroughput Region Bytes/Second
ReadThroughput Region, EngineName Bytes/Second
Aurora_pq_request_not_chosen_long_trx Region, DatabaseClass Count
Aurora_pq_request_not_chosen_long_trx Region, DBClusterIdentifier Count
Aurora_pq_request_not_chosen_long_trx Region Count
Aurora_pq_request_not_chosen_long_trx Region, EngineName Count
Aurora_pq_request_not_chosen_long_trx Region, DBClusterIdentifier, Role Count
DeleteThroughput Region, DatabaseClass Count/Second
DeleteThroughput Region, DBClusterIdentifier Count/Second
DeleteThroughput Region Count/Second
DeleteThroughput Region, EngineName Count/Second
DeleteThroughput Region, DBClusterIdentifier, Role Count/Second
DBLoadCPU Region None
CommitLatency Region, DatabaseClass Milliseconds
CommitLatency Region, DBClusterIdentifier Milliseconds
CommitLatency Region Milliseconds
CommitLatency Region, EngineName Milliseconds
CommitLatency Region, DBClusterIdentifier, Role Milliseconds
ForwardingReplicaOpenSessions Region, DatabaseClass Count
ForwardingReplicaOpenSessions Region, DBClusterIdentifier Count
ForwardingReplicaOpenSessions Region Count
ForwardingReplicaOpenSessions Region, EngineName Count
ForwardingReplicaOpenSessions Region, DBClusterIdentifier, Role Count
BackupRetentionPeriodStorageUsed Region, DBClusterIdentifier Bytes
BackupRetentionPeriodStorageUsed Region, EngineName Bytes
InsertLatency Region, DatabaseClass Milliseconds
InsertLatency Region, DBClusterIdentifier Milliseconds
InsertLatency Region Milliseconds
InsertLatency Region, EngineName Milliseconds
InsertLatency Region, DBClusterIdentifier, Role Milliseconds
DMLThroughput Region, DatabaseClass Count/Second
DMLThroughput Region, DBClusterIdentifier Count/Second
DMLThroughput Region Count/Second
DMLThroughput Region, EngineName Count/Second
DMLThroughput Region, DBClusterIdentifier, Role Count/Second
Aurora_pq_request_attempted Region, DatabaseClass Count
Aurora_pq_request_attempted Region, DBClusterIdentifier Count
Aurora_pq_request_attempted Region Count
Aurora_pq_request_attempted Region, EngineName Count
Aurora_pq_request_attempted Region, DBClusterIdentifier, Role Count
DiskQueueDepth The number of outstanding I/Os (read/write requests) waiting to access the disk. Region, DatabaseClass Count
DiskQueueDepth Region Count
DiskQueueDepth Region, EngineName Count Applicable
Aurora_pq_request_not_chosen_temporary_table Region, DatabaseClass Count
Aurora_pq_request_not_chosen_temporary_table Region, DBClusterIdentifier Count
Aurora_pq_request_not_chosen_temporary_table Region Count
Aurora_pq_request_not_chosen_temporary_table Region, EngineName Count
Aurora_pq_request_not_chosen_temporary_table Region, DBClusterIdentifier, Role Count
BinLogDiskUsage The amount of disk space occupied by binary logs. If automatic backups are enabled for MySQL and MariaDB instances, Region, DatabaseClass Bytes
BinLogDiskUsage Region Bytes
BinLogDiskUsage Region, EngineName Bytes Applicable
BinLogDiskUsage Region, EngineName Bytes
ForwardingWriterDMLThroughput Region, DatabaseClass Count
ForwardingWriterDMLThroughput Region, DBClusterIdentifier Count
ForwardingWriterDMLThroughput Region Count
ForwardingWriterDMLThroughput Region, EngineName Count
ForwardingWriterDMLThroughput Region, DBClusterIdentifier, Role Count
Queries DBInstanceIdentifier Count/Second
Aurora_pq_request_not_chosen_unsupported_access Region, DatabaseClass Count
Aurora_pq_request_not_chosen_unsupported_access Region, DBClusterIdentifier Count
Aurora_pq_request_not_chosen_unsupported_access Region Count
Aurora_pq_request_not_chosen_unsupported_access Region, EngineName Count
Aurora_pq_request_not_chosen_unsupported_access Region, DBClusterIdentifier, Role Count
AuroraSlowConnectionHandleCount Region, DatabaseClass Count
AuroraSlowConnectionHandleCount Region, DBClusterIdentifier Count
AuroraSlowConnectionHandleCount Region Count
AuroraSlowConnectionHandleCount Region, EngineName Count
AuroraSlowConnectionHandleCount Region, DBClusterIdentifier, Role Count
Aurora_pq_request_not_chosen_column_geometry Region, DatabaseClass Count
Aurora_pq_request_not_chosen_column_geometry Region, DBClusterIdentifier Count
Aurora_pq_request_not_chosen_column_geometry Region Count
Aurora_pq_request_not_chosen_column_geometry Region, EngineName Count
Aurora_pq_request_not_chosen_column_geometry Region, DBClusterIdentifier, Role Count
CommitThroughput DBInstanceIdentifier Count/Second
RollbackSegmentHistoryListLength Region, DatabaseClass Count
RollbackSegmentHistoryListLength Region, DBClusterIdentifier Count
RollbackSegmentHistoryListLength Region Count
RollbackSegmentHistoryListLength Region, EngineName Count
RollbackSegmentHistoryListLength Region, DBClusterIdentifier, Role Count
SelectLatency Region, DatabaseClass Milliseconds
SelectLatency Region, DBClusterIdentifier Milliseconds
SelectLatency Region Milliseconds
SelectLatency Region, EngineName Milliseconds
SelectLatency Region, DBClusterIdentifier, Role Milliseconds
ForwardingReplicaDMLLatency Region, DatabaseClass Count
ForwardingReplicaDMLLatency Region, DBClusterIdentifier Count
ForwardingReplicaDMLLatency Region Count
ForwardingReplicaDMLLatency Region, EngineName Count
ForwardingReplicaDMLLatency Region, DBClusterIdentifier, Role Count
StorageNetworkThroughput DBInstanceIdentifier Bytes/Second
Aurora_pq_request_not_chosen_few_pages_outside_buffer_pool DBInstanceIdentifier Count
DatabaseConnections The number of client network connections to the database instance. Region, DatabaseClass Count
DatabaseConnections Region, DBClusterIdentifier Count
DatabaseConnections Region Count
DatabaseConnections Region, EngineName Count Applicable
DatabaseConnections Region, DBClusterIdentifier, Role Count
Aurora_pq_request_not_chosen_custom_charset DBInstanceIdentifier Count
Aurora_pq_request_not_chosen_small_table Region, DatabaseClass Count
Aurora_pq_request_not_chosen_small_table Region, DBClusterIdentifier Count
Aurora_pq_request_not_chosen_small_table Region Count
Aurora_pq_request_not_chosen_small_table Region, EngineName Count
Aurora_pq_request_not_chosen_small_table Region, DBClusterIdentifier, Role Count
Aurora_pq_request_not_chosen_row_length_too_long Region, DatabaseClass Count
Aurora_pq_request_not_chosen_row_length_too_long Region, DBClusterIdentifier Count
Aurora_pq_request_not_chosen_row_length_too_long Region Count
Aurora_pq_request_not_chosen_row_length_too_long Region, EngineName Count
Aurora_pq_request_not_chosen_row_length_too_long Region, DBClusterIdentifier, Role Count
EngineUptime Region, DatabaseClass Seconds
EngineUptime Region, DBClusterIdentifier Seconds
EngineUptime Region Seconds
EngineUptime Region, EngineName Seconds
EngineUptime Region, DBClusterIdentifier, Role Seconds
FreeStorageSpace The amount of available storage space. Region, DatabaseClass Bytes
FreeStorageSpace Region Bytes
FreeStorageSpace Region, EngineName Bytes Applicable
FreeStorageSpace Region, EngineName Bytes
Aurora_pq_request_not_chosen_column_lob Region, DatabaseClass Count
Aurora_pq_request_not_chosen_column_lob Region, DBClusterIdentifier Count
Aurora_pq_request_not_chosen_column_lob Region Count
Aurora_pq_request_not_chosen_column_lob Region, EngineName Count
Aurora_pq_request_not_chosen_column_lob Region, DBClusterIdentifier, Role Count
AuroraVolumeBytesLeftTotal DBInstanceIdentifier Count
AbortedClients Region, DatabaseClass Count
AbortedClients Region, DBClusterIdentifier Count
AbortedClients Region Count
AbortedClients Region, EngineName Count
AbortedClients Region, DBClusterIdentifier, Role Count
BufferCacheHitRatio Region, DatabaseClass Percent
BufferCacheHitRatio Region, DBClusterIdentifier Percent
BufferCacheHitRatio Region Percent
BufferCacheHitRatio Region, EngineName Percent
BufferCacheHitRatio Region, DBClusterIdentifier, Role Percent
FreeLocalStorage DBInstanceIdentifier Bytes
AuroraSlowHandshakeCount Region, DatabaseClass Count
AuroraSlowHandshakeCount Region, DBClusterIdentifier Count
AuroraSlowHandshakeCount Region Count
AuroraSlowHandshakeCount Region, EngineName Count
AuroraSlowHandshakeCount Region, DBClusterIdentifier, Role Count
Aurora_pq_request_not_chosen_innodb_table_format Region, DatabaseClass Count
Aurora_pq_request_not_chosen_innodb_table_format Region, DBClusterIdentifier Count
Aurora_pq_request_not_chosen_innodb_table_format Region Count
Aurora_pq_request_not_chosen_innodb_table_format Region, EngineName Count
Aurora_pq_request_not_chosen_innodb_table_format Region, DBClusterIdentifier, Role Count
ForwardingWriterDMLLatency DBInstanceIdentifier Count
Queries Region, DatabaseClass Count/Second
Queries Region, DBClusterIdentifier Count/Second
Queries Region Count/Second
Queries Region, EngineName Count/Second
Queries Region, DBClusterIdentifier, Role Count/Second
EBSByteBalance% The percentage of throughput credits remaining in the burst bucket of your RDS database. This metric is available Region, DatabaseClass Percent
EBSByteBalance% Region, DBClusterIdentifier Percent
EBSByteBalance% Region Percent
EBSByteBalance% Region, EngineName Percent Applicable
EBSByteBalance% Region, DBClusterIdentifier, Role Percent
ActiveTransactions Region, DatabaseClass Count/Second
ActiveTransactions Region, DBClusterIdentifier Count/Second
ActiveTransactions Region Count/Second
ActiveTransactions Region, EngineName Count/Second
ActiveTransactions Region, DBClusterIdentifier, Role Count/Second
InsertThroughput Region, DatabaseClass Count/Second
InsertThroughput Region, DBClusterIdentifier Count/Second
InsertThroughput Region Count/Second
InsertThroughput Region, EngineName Count/Second
InsertThroughput Region, DBClusterIdentifier, Role Count/Second
ForwardingWriterOpenSessions Region, DatabaseClass Count
ForwardingWriterOpenSessions Region, DBClusterIdentifier Count
ForwardingWriterOpenSessions Region Count
ForwardingWriterOpenSessions Region, EngineName Count
ForwardingWriterOpenSessions Region, DBClusterIdentifier, Role Count
SwapUsage The amount of swap space used on the DB instance. DBInstanceIdentifier Bytes
VolumeReadIOPs Region, DbClusterIdentifier, EngineName Count
VolumeReadIOPs Region, DBClusterIdentifier Count
VolumeReadIOPs Region, EngineName Count
ForwardingWriterDMLThroughput DBInstanceIdentifier Count
AuroraVolumeBytesLeftTotal Region, DatabaseClass Count
AuroraVolumeBytesLeftTotal Region, DBClusterIdentifier Count
AuroraVolumeBytesLeftTotal Region Count
AuroraVolumeBytesLeftTotal Region, EngineName Count
AuroraVolumeBytesLeftTotal Region, DBClusterIdentifier, Role Count
Aurora_pq_request_not_chosen_no_where_clause Region, DatabaseClass Count
Aurora_pq_request_not_chosen_no_where_clause Region, DBClusterIdentifier Count
Aurora_pq_request_not_chosen_no_where_clause Region Count
Aurora_pq_request_not_chosen_no_where_clause Region, EngineName Count
Aurora_pq_request_not_chosen_no_where_clause Region, DBClusterIdentifier, Role Count
VolumeBytesUsed Region, DbClusterIdentifier, EngineName Bytes
VolumeBytesUsed Region, DBClusterIdentifier Bytes
VolumeBytesUsed Region, EngineName Bytes
Aurora_pq_request_not_chosen_range_scan DBInstanceIdentifier Count
UpdateLatency Region, DatabaseClass Milliseconds
UpdateLatency Region, DBClusterIdentifier Milliseconds
UpdateLatency Region Milliseconds
UpdateLatency Region, EngineName Milliseconds
UpdateLatency Region, DBClusterIdentifier, Role Milliseconds
UpdateThroughput Region, DatabaseClass Count/Second
UpdateThroughput Region, DBClusterIdentifier Count/Second
UpdateThroughput Region Count/Second
UpdateThroughput Region, EngineName Count/Second
UpdateThroughput Region, DBClusterIdentifier, Role Count/Second
CPUUtilization The percentage of CPU utilization. Region, DatabaseClass Percent
CPUUtilization Region, DBClusterIdentifier Percent
CPUUtilization Region Percent
CPUUtilization Region, EngineName Percent Applicable
CPUUtilization Region, DBClusterIdentifier, Role Percent
Aurora_pq_request_in_progress Region, DatabaseClass Count
Aurora_pq_request_in_progress Region, DBClusterIdentifier Count
Aurora_pq_request_in_progress Region Count
Aurora_pq_request_in_progress Region, EngineName Count
Aurora_pq_request_in_progress Region, DBClusterIdentifier, Role Count
ForwardingReplicaDMLThroughput Region, DatabaseClass Count
ForwardingReplicaDMLThroughput Region, DBClusterIdentifier Count
ForwardingReplicaDMLThroughput Region Count
ForwardingReplicaDMLThroughput Region, EngineName Count
ForwardingReplicaDMLThroughput Region, DBClusterIdentifier, Role Count
LVMWriteIOPS Region, DatabaseClass Count/Second
LVMWriteIOPS Region Count/Second
LVMWriteIOPS Region, EngineName Count/Second Applicable
ForwardingReplicaSelectThroughput Region, DatabaseClass Count
ForwardingReplicaSelectThroughput Region, DBClusterIdentifier Count
ForwardingReplicaSelectThroughput Region Count
ForwardingReplicaSelectThroughput Region, EngineName Count
ForwardingReplicaSelectThroughput Region, DBClusterIdentifier, Role Count
Aurora_pq_request_failed Region, DatabaseClass Count
Aurora_pq_request_failed Region, DBClusterIdentifier Count
Aurora_pq_request_failed Region Count
Aurora_pq_request_failed Region, EngineName Count
Aurora_pq_request_failed Region, DBClusterIdentifier, Role Count
Aurora_pq_request_not_chosen_range_scan Region, DatabaseClass Count
Aurora_pq_request_not_chosen_range_scan Region, DBClusterIdentifier Count
Aurora_pq_request_not_chosen_range_scan Region Count
Aurora_pq_request_not_chosen_range_scan Region, EngineName Count
Aurora_pq_request_not_chosen_range_scan Region, DBClusterIdentifier, Role Count
EngineUptime DBInstanceIdentifier Seconds
Aurora_pq_request_not_chosen_few_pages_outside_buffer_pool Region, DatabaseClass Count
Aurora_pq_request_not_chosen_few_pages_outside_buffer_pool Region, DBClusterIdentifier Count
Aurora_pq_request_not_chosen_few_pages_outside_buffer_pool Region Count
Aurora_pq_request_not_chosen_few_pages_outside_buffer_pool Region, EngineName Count
Aurora_pq_request_not_chosen_few_pages_outside_buffer_pool Region, DBClusterIdentifier, Role Count
Aurora_pq_request_not_chosen Region, DatabaseClass Count
Aurora_pq_request_not_chosen Region, DBClusterIdentifier Count
Aurora_pq_request_not_chosen Region Count
Aurora_pq_request_not_chosen Region, EngineName Count
Aurora_pq_request_not_chosen Region, DBClusterIdentifier, Role Count
ConnectionAttempts The number of attempts to connect to an instance, whether successful or not. Region, DatabaseClass Count
ConnectionAttempts Region, DBClusterIdentifier Count
ConnectionAttempts Region Count
ConnectionAttempts Region, EngineName Count
ConnectionAttempts Region, DBClusterIdentifier, Role Count
ForwardingWriterOpenSessions DBInstanceIdentifier Count
NetworkThroughput Region, DatabaseClass Bytes/Second
NetworkThroughput Region, DBClusterIdentifier Bytes/Second
NetworkThroughput Region Bytes/Second
NetworkThroughput Region, EngineName Bytes/Second
NetworkThroughput Region, DBClusterIdentifier, Role Bytes/Second
RollbackSegmentHistoryListLength DBInstanceIdentifier Count
SnapshotStorageUsed Region, DBClusterIdentifier Bytes
SnapshotStorageUsed Region, EngineName Bytes
AuroraBinlogReplicaLag Region, DatabaseClass Seconds
AuroraBinlogReplicaLag Region, DBClusterIdentifier Seconds
AuroraBinlogReplicaLag Region Seconds
AuroraBinlogReplicaLag Region, EngineName Seconds
AuroraBinlogReplicaLag Region, DBClusterIdentifier, Role Seconds
ForwardingReplicaSelectLatency Region, DatabaseClass Count
ForwardingReplicaSelectLatency Region, DBClusterIdentifier Count
ForwardingReplicaSelectLatency Region Count
ForwardingReplicaSelectLatency Region, EngineName Count
ForwardingReplicaSelectLatency Region, DBClusterIdentifier, Role Count
LVMReadIOPS Region, DatabaseClass Count/Second
LVMReadIOPS Region Count/Second
LVMReadIOPS Region, EngineName Count/Second Applicable
Aurora_pq_request_not_chosen_index_hint DBInstanceIdentifier Count
FreeLocalStorage Region, DatabaseClass Bytes
FreeLocalStorage Region, DBClusterIdentifier Bytes
FreeLocalStorage Region Bytes
FreeLocalStorage Region, EngineName Bytes
FreeLocalStorage Region, DBClusterIdentifier, Role Bytes
StorageNetworkReceiveThroughput Region, DatabaseClass Bytes/Second
StorageNetworkReceiveThroughput Region, DBClusterIdentifier Bytes/Second
StorageNetworkReceiveThroughput Region Bytes/Second
StorageNetworkReceiveThroughput Region, EngineName Bytes/Second
StorageNetworkReceiveThroughput Region, DBClusterIdentifier, Role Bytes/Second
Aurora_pq_request_executed Region, DatabaseClass Count
Aurora_pq_request_executed Region, DBClusterIdentifier Count
Aurora_pq_request_executed Region Count
Aurora_pq_request_executed Region, EngineName Count
Aurora_pq_request_executed Region, DBClusterIdentifier, Role Count
ReadLatency The average amount of time taken per disk I/O operation. Region, DatabaseClass Seconds
ReadLatency Region, DBClusterIdentifier Seconds
ReadLatency Region Seconds
ReadLatency Region, EngineName Seconds
ReadLatency Region, DBClusterIdentifier, Role Seconds
Aurora_pq_request_not_chosen_update_delete_stmts Region, DatabaseClass Count
Aurora_pq_request_not_chosen_update_delete_stmts Region, DBClusterIdentifier Count
Aurora_pq_request_not_chosen_update_delete_stmts Region Count
Aurora_pq_request_not_chosen_update_delete_stmts Region, EngineName Count
Aurora_pq_request_not_chosen_update_delete_stmts Region, DBClusterIdentifier, Role Count
FreeableMemory The amount of available random access memory. DBInstanceIdentifier Bytes Applicable
FreeableMemory DBInstanceIdentifier Bytes
FreeableMemory DBInstanceIdentifier Bytes
Aurora_pq_request_not_chosen_below_min_rows Region, DatabaseClass Count
Aurora_pq_request_not_chosen_below_min_rows Region, DBClusterIdentifier Count
Aurora_pq_request_not_chosen_below_min_rows Region Count
Aurora_pq_request_not_chosen_below_min_rows Region, EngineName Count
Aurora_pq_request_not_chosen_below_min_rows Region, DBClusterIdentifier, Role Count
AuroraSlowConnectionHandleCount DBInstanceIdentifier Count
StorageNetworkThroughput Region, DatabaseClass Bytes/Second
StorageNetworkThroughput Region, DBClusterIdentifier Bytes/Second
StorageNetworkThroughput Region Bytes/Second
StorageNetworkThroughput Region, EngineName Bytes/Second
StorageNetworkThroughput Region, DBClusterIdentifier, Role Bytes/Second
ActiveTransactions DBInstanceIdentifier Count/Second
Aurora_pq_request_not_chosen_column_virtual Region, DatabaseClass Count
Aurora_pq_request_not_chosen_column_virtual Region, DBClusterIdentifier Count
Aurora_pq_request_not_chosen_column_virtual Region Count
Aurora_pq_request_not_chosen_column_virtual Region, EngineName Count
Aurora_pq_request_not_chosen_column_virtual Region, DBClusterIdentifier, Role Count
LoginFailures DBInstanceIdentifier Count/Second
ForwardingReplicaReadWaitThroughput Region, DatabaseClass Count
ForwardingReplicaReadWaitThroughput Region, DBClusterIdentifier Count
ForwardingReplicaReadWaitThroughput Region Count
ForwardingReplicaReadWaitThroughput Region, EngineName Count
ForwardingReplicaReadWaitThroughput Region, DBClusterIdentifier, Role Count
SelectLatency DBInstanceIdentifier Milliseconds
VolumeWriteIOPs Region, DbClusterIdentifier, EngineName Count
VolumeWriteIOPs Region, DBClusterIdentifier Count
VolumeWriteIOPs Region, EngineName Count
Aurora_pq_request_not_chosen_full_text_index Region, DatabaseClass Count
Aurora_pq_request_not_chosen_full_text_index Region, DBClusterIdentifier Count
Aurora_pq_request_not_chosen_full_text_index Region Count
Aurora_pq_request_not_chosen_full_text_index Region, EngineName Count
Aurora_pq_request_not_chosen_full_text_index Region, DBClusterIdentifier, Role Count
AuroraBinlogReplicaLag DBInstanceIdentifier Seconds
RowLockTime Region, DatabaseClass Count
RowLockTime Region, DBClusterIdentifier Count
RowLockTime Region Count
RowLockTime Region, EngineName Count
RowLockTime Region, DBClusterIdentifier, Role Count
Aurora_pq_request_not_chosen_column_bit DBInstanceIdentifier Count
Aurora_pq_request_not_chosen_high_buffer_pool_pct Region, DatabaseClass Count
Aurora_pq_request_not_chosen_high_buffer_pool_pct Region, DBClusterIdentifier Count
Aurora_pq_request_not_chosen_high_buffer_pool_pct Region Count
Aurora_pq_request_not_chosen_high_buffer_pool_pct Region, EngineName Count
Aurora_pq_request_not_chosen_high_buffer_pool_pct Region, DBClusterIdentifier, Role Count
ForwardingWriterDMLLatency Region, DatabaseClass Count
ForwardingWriterDMLLatency Region, DBClusterIdentifier Count
ForwardingWriterDMLLatency Region Count
ForwardingWriterDMLLatency Region, EngineName Count
ForwardingWriterDMLLatency Region, DBClusterIdentifier, Role Count
Aurora_pq_request_not_chosen_index_hint Region, DatabaseClass Count
Aurora_pq_request_not_chosen_index_hint Region, DBClusterIdentifier Count
Aurora_pq_request_not_chosen_index_hint Region Count
Aurora_pq_request_not_chosen_index_hint Region, EngineName Count
Aurora_pq_request_not_chosen_index_hint Region, DBClusterIdentifier, Role Count
CommitLatency DBInstanceIdentifier Milliseconds
ForwardingReplicaSelectLatency DBInstanceIdentifier Count
ReadIOPS The average number of disk read I/O operations per second. Region, DatabaseClass Count/Second
ReadIOPS Region Count/Second
ReadIOPS Region, EngineName Count/Second
StorageNetworkTransmitThroughput DBInstanceIdentifier Bytes/Second
Aurora_pq_request_not_chosen_innodb_table_format DBInstanceIdentifier Count
WriteLatency The average amount of time taken per disk I/O operation. Region, DatabaseClass Seconds
WriteLatency Region, DBClusterIdentifier Seconds
WriteLatency Region Seconds
WriteLatency Region, EngineName Seconds
WriteLatency Region, DBClusterIdentifier, Role Seconds
SelectThroughput Region, DatabaseClass Count/Second
SelectThroughput Region, DBClusterIdentifier Count/Second
SelectThroughput Region Count/Second
SelectThroughput Region, EngineName Count/Second
SelectThroughput Region, DBClusterIdentifier, Role Count/Second
Aurora_pq_request_not_chosen DBInstanceIdentifier Count
FreeableMemory The amount of available random access memory. Region, DatabaseClass Bytes
FreeableMemory Region, DBClusterIdentifier Bytes
FreeableMemory Region Bytes
FreeableMemory Region, EngineName Bytes Applicable
FreeableMemory Region, DBClusterIdentifier, Role Bytes
FreeableMemory Region, EngineName Bytes
ReadLatency The average amount of time taken per disk I/O operation. DBInstanceIdentifier Seconds Applicable
DMLLatency DBInstanceIdentifier Milliseconds
NetworkReceiveThroughput The incoming (receive) network traffic on the DB instance, including both customer database traffic and Amazon RDS DBInstanceIdentifier Bytes/Second Applicable
Aurora_pq_request_not_chosen_unsupported_access DBInstanceIdentifier Count
UpdateLatency DBInstanceIdentifier Milliseconds
DBLoad DBInstanceIdentifier None
Aurora_pq_request_not_chosen_row_length_too_long DBInstanceIdentifier Count
BinLogDiskUsage The amount of disk space occupied by binary logs. If automatic backups are enabled for MySQL and MariaDB instances, DBInstanceIdentifier Bytes Applicable
BinLogDiskUsage DBInstanceIdentifier Bytes
Aurora_pq_request_not_chosen_no_where_clause DBInstanceIdentifier Count
DDLLatency DBInstanceIdentifier Milliseconds
SumBinaryLogSize DBInstanceIdentifier Count
Aurora_pq_request_not_chosen_below_min_rows DBInstanceIdentifier Count
Aurora_pq_request_in_progress DBInstanceIdentifier Count
DatabaseConnections The number of client network connections to the database instance. DBInstanceIdentifier Count Applicable
CPUUtilization The percentage of CPU utilization. DBInstanceIdentifier Percent Applicable
ForwardingReplicaReadWaitLatency Region, DatabaseClass Count
ForwardingReplicaReadWaitLatency Region, DBClusterIdentifier Count
ForwardingReplicaReadWaitLatency Region Count
ForwardingReplicaReadWaitLatency Region, EngineName Count
ForwardingReplicaReadWaitLatency Region, DBClusterIdentifier, Role Count
AbortedClients DBInstanceIdentifier Count
ReadThroughput The average number of bytes read from disk per second. DBInstanceIdentifier Bytes/Second
Aurora_pq_request_not_chosen_column_virtual DBInstanceIdentifier Count
Aurora_pq_request_throttled Region, DatabaseClass Count
Aurora_pq_request_throttled Region, DBClusterIdentifier Count
Aurora_pq_request_throttled Region Count
Aurora_pq_request_throttled Region, EngineName Count
Aurora_pq_request_throttled Region, DBClusterIdentifier, Role Count
AuroraDMLRejectedWriterFull Region, DatabaseClass Count
AuroraDMLRejectedWriterFull Region, DBClusterIdentifier Count
AuroraDMLRejectedWriterFull Region Count
AuroraDMLRejectedWriterFull Region, EngineName Count
AuroraDMLRejectedWriterFull Region, DBClusterIdentifier, Role Count
ForwardingReplicaDMLLatency DBInstanceIdentifier Count
WriteThroughput The average number of bytes written to disk per second. DBInstanceIdentifier Bytes/Second
DiskQueueDepth The number of outstanding I/Os (read/write requests) waiting to access the disk. DBInstanceIdentifier Count Applicable
Aurora_pq_request_not_chosen_full_text_index DBInstanceIdentifier Count
ForwardingReplicaOpenSessions DBInstanceIdentifier Count
StorageNetworkTransmitThroughput Region, DatabaseClass Bytes/Second
StorageNetworkTransmitThroughput Region, DBClusterIdentifier Bytes/Second
StorageNetworkTransmitThroughput Region Bytes/Second
StorageNetworkTransmitThroughput Region, EngineName Bytes/Second
StorageNetworkTransmitThroughput Region, DBClusterIdentifier, Role Bytes/Second
Aurora_pq_request_not_chosen_long_trx DBInstanceIdentifier Count
Aurora_pq_request_not_chosen_temporary_table DBInstanceIdentifier Count
RowLockTime DBInstanceIdentifier Count
Aurora_pq_request_not_chosen_tx_isolation DBInstanceIdentifier Count
NetworkReceiveThroughput The incoming (receive) network traffic on the DB instance, including both customer database traffic and Amazon RDS Region, DatabaseClass Bytes/Second
NetworkReceiveThroughput Region, DBClusterIdentifier Bytes/Second
NetworkReceiveThroughput Region Bytes/Second
NetworkReceiveThroughput Region, EngineName Bytes/Second Applicable
NetworkReceiveThroughput Region, DBClusterIdentifier, Role Bytes/Second
Aurora_pq_request_not_chosen_small_table DBInstanceIdentifier Count
DBLoadNonCPU DBInstanceIdentifier None
WriteIOPS The average number of disk write I/O operations per second. Region, DatabaseClass Count/Second
WriteIOPS Region Count/Second
WriteIOPS Region, EngineName Count/Second
Aurora_pq_request_not_chosen_column_lob DBInstanceIdentifier Count
BurstBalance The percent of General Purpose SSD (gp2) burst-bucket I/O credits available. DBInstanceIdentifier Percent Applicable
Aurora_pq_request_not_chosen_instant_ddl Region, DatabaseClass Count
Aurora_pq_request_not_chosen_instant_ddl Region, DBClusterIdentifier Count
Aurora_pq_request_not_chosen_instant_ddl Region Count
Aurora_pq_request_not_chosen_instant_ddl Region, EngineName Count
Aurora_pq_request_not_chosen_instant_ddl Region, DBClusterIdentifier, Role Count
DMLThroughput DBInstanceIdentifier Count/Second
WriteIOPS The average number of disk write I/O operations per second. DBInstanceIdentifier Count/Second
WriteThroughput The average number of bytes written to disk per second. Region, DatabaseClass Bytes/Second
WriteThroughput Region Bytes/Second
WriteThroughput Region, EngineName Bytes/Second
BufferCacheHitRatio DBInstanceIdentifier Percent
ConnectionAttempts The number of attempts to connect to an instance, whether successful or not. DBInstanceIdentifier Count
NetworkTransmitThroughput The outgoing (transmit) network traffic on the DB instance, including both customer database traffic and Amazon RDS DBInstanceIdentifier Bytes/Second
Aurora_pq_request_executed DBInstanceIdentifier Count
UpdateThroughput DBInstanceIdentifier Count/Second
ForwardingReplicaSelectThroughput DBInstanceIdentifier Count
StorageNetworkReceiveThroughput DBInstanceIdentifier Bytes/Second
DeleteLatency DBInstanceIdentifier Milliseconds
DDLThroughput DBInstanceIdentifier Count/Second
ReadIOPS The average number of disk read I/O operations per second. DBInstanceIdentifier Count/Second
EBSByteBalance% The percentage of throughput credits remaining in the burst bucket of your RDS database. This metric is available DBInstanceIdentifier Percent Applicable
NetworkThroughput DBInstanceIdentifier Bytes/Second
DBLoad Region None
Deadlocks DBInstanceIdentifier Count/Second
AuroraSlowHandshakeCount DBInstanceIdentifier Count
Aurora_pq_request_throttled DBInstanceIdentifier Count
LVMReadIOPS DBInstanceIdentifier Count/Second Applicable
NumBinaryLogFiles DBInstanceIdentifier Count
EBSIOBalance% The percentage of I/O credits remaining in the burst bucket of your RDS database. This metric is available for basic DBInstanceIdentifier Percent Applicable
BurstBalance The percent of General Purpose SSD (gp2) burst-bucket I/O credits available. Region, DatabaseClass Percent
BurstBalance Region Percent
BurstBalance Region, EngineName Percent Applicable
FreeStorageSpace The amount of available storage space. DBInstanceIdentifier Bytes Applicable
FreeStorageSpace DBInstanceIdentifier Bytes
FreeStorageSpace DBInstanceIdentifier Bytes
DBLoadNonCPU Region None
AuroraDMLRejectedWriterFull DBInstanceIdentifier Count
InsertLatency DBInstanceIdentifier Milliseconds
Aurora_pq_request_not_chosen_instant_ddl DBInstanceIdentifier Count
Aurora_pq_request_not_chosen_update_delete_stmts DBInstanceIdentifier Count
SelectThroughput DBInstanceIdentifier Count/Second
InsertThroughput DBInstanceIdentifier Count/Second
Aurora_pq_request_not_chosen_column_geometry DBInstanceIdentifier Count
WriteLatency The average amount of time taken per disk I/O operation. DBInstanceIdentifier Seconds Applicable
LVMWriteIOPS DBInstanceIdentifier Count/Second Applicable

Source: aws-service-robomaker.md


title: AWS RoboMaker monitoring source: https://www.dynatrace.com/docs/ingest-from/amazon-web-services/integrate-with-aws/aws-all-services/aws-service-robomaker scraped: 2026-02-16T21:26:46.627591


AWS RoboMaker monitoring

AWS RoboMaker monitoring

  • How-to guide
  • 1-min read
  • Published Jul 23, 2020

Dynatrace ingests metrics for multiple preselected namespaces, including AWS RoboMaker. You can view graphs per service instance, with a set of dimensions, and create custom graphs that you can pin to your dashboards.

Prerequisites

To enable monitoring for this service, you need

  • ActiveGate version 1.197+

  • For Dynatrace SaaS deployments, you need an Environment ActiveGate or a Multi-environment ActiveGate.

For role-based access in SaaS deployment, you need an Environment ActiveGate installed on an Amazon EC2 host.

JSON predefined policy for all supporting services

{



"Version": "2012-10-17",



"Statement": [



{



"Sid": "VisualEditor0",



"Effect": "Allow",



"Action": [



"acm-pca:ListCertificateAuthorities",



"apigateway:GET",



"apprunner:ListServices",



"appstream:DescribeFleets",



"appsync:ListGraphqlApis",



"athena:ListWorkGroups",



"autoscaling:DescribeAutoScalingGroups",



"cloudformation:ListStackResources",



"cloudfront:ListDistributions",



"cloudhsm:DescribeClusters",



"cloudsearch:DescribeDomains",



"cloudwatch:GetMetricData",



"cloudwatch:GetMetricStatistics",



"cloudwatch:ListMetrics",



"codebuild:ListProjects",



"datasync:ListTasks",



"dax:DescribeClusters",



"directconnect:DescribeConnections",



"dms:DescribeReplicationInstances",



"dynamodb:ListTables",



"dynamodb:ListTagsOfResource",



"ec2:DescribeAvailabilityZones",



"ec2:DescribeInstances",



"ec2:DescribeNatGateways",



"ec2:DescribeSpotFleetRequests",



"ec2:DescribeTransitGateways",



"ec2:DescribeVolumes",



"ec2:DescribeVpnConnections",



"ecs:ListClusters",



"eks:ListClusters",



"elasticache:DescribeCacheClusters",



"elasticbeanstalk:DescribeEnvironmentResources",



"elasticbeanstalk:DescribeEnvironments",



"elasticfilesystem:DescribeFileSystems",



"elasticloadbalancing:DescribeInstanceHealth",



"elasticloadbalancing:DescribeListeners",



"elasticloadbalancing:DescribeLoadBalancers",



"elasticloadbalancing:DescribeRules",



"elasticloadbalancing:DescribeTags",



"elasticloadbalancing:DescribeTargetHealth",



"elasticmapreduce:ListClusters",



"elastictranscoder:ListPipelines",



"es:ListDomainNames",



"events:ListEventBuses",



"firehose:ListDeliveryStreams",



"fsx:DescribeFileSystems",



"gamelift:ListFleets",



"glue:GetJobs",



"inspector:ListAssessmentTemplates",



"kafka:ListClusters",



"kinesis:ListStreams",



"kinesisanalytics:ListApplications",



"kinesisvideo:ListStreams",



"lambda:ListFunctions",



"lambda:ListTags",



"lex:GetBots",



"logs:DescribeLogGroups",



"mediaconnect:ListFlows",



"mediaconvert:DescribeEndpoints",



"mediapackage-vod:ListPackagingConfigurations",



"mediapackage:ListChannels",



"mediatailor:ListPlaybackConfigurations",



"opsworks:DescribeStacks",



"qldb:ListLedgers",



"rds:DescribeDBClusters",



"rds:DescribeDBInstances",



"rds:DescribeEvents",



"rds:ListTagsForResource",



"redshift:DescribeClusters",



"robomaker:ListSimulationJobs",



"route53:ListHostedZones",



"route53resolver:ListResolverEndpoints",



"s3:ListAllMyBuckets",



"sagemaker:ListEndpoints",



"sns:ListTopics",



"sqs:ListQueues",



"storagegateway:ListGateways",



"sts:GetCallerIdentity",



"swf:ListDomains",



"tag:GetResources",



"tag:GetTagKeys",



"transfer:ListServers",



"workmail:ListOrganizations",



"workspaces:DescribeWorkspaces"



],



"Resource": "*"



}



]



}

If you don't want to add permissions to all services, and just select permissions for certain services, consult the table below. The table contains a set of permissions that are required for All AWS cloud services and, for each supporting service, a list of optional permissions specific to that service.

Permissions required for AWS monitoring integration:

  • "cloudwatch:GetMetricData"
  • "cloudwatch:GetMetricStatistics"
  • "cloudwatch:ListMetrics"
  • "sts:GetCallerIdentity"
  • "tag:GetResources"
  • "tag:GetTagKeys"
  • "ec2:DescribeAvailabilityZones"

Complete list of permissions for cloud services

Name Permissions
All monitored Amazon services Required cloudwatch:GetMetricData, cloudwatch:GetMetricStatistics, cloudwatch:ListMetrics, sts:GetCallerIdentity, tag:GetResources, tag:GetTagKeys, ec2:DescribeAvailabilityZones
AWS Certificate Manager Private Certificate Authority acm-pca:ListCertificateAuthorities
Amazon MQ
Amazon API Gateway apigateway:GET
AWS App Runner apprunner:ListServices
Amazon AppStream appstream:DescribeFleets
AWS AppSync appsync:ListGraphqlApis
Amazon Athena athena:ListWorkGroups
Amazon Aurora rds:DescribeDBClusters
Amazon EC2 Auto Scaling autoscaling:DescribeAutoScalingGroups
Amazon EC2 Auto Scaling (built-in) autoscaling:DescribeAutoScalingGroups
AWS Billing
Amazon Keyspaces
AWS Chatbot
Amazon CloudFront cloudfront:ListDistributions
AWS CloudHSM cloudhsm:DescribeClusters
Amazon CloudSearch cloudsearch:DescribeDomains
AWS CodeBuild codebuild:ListProjects
Amazon Cognito
Amazon Connect
Amazon Elastic Kubernetes Service (EKS) eks:ListClusters
AWS DataSync datasync:ListTasks
Amazon DynamoDB Accelerator (DAX) dax:DescribeClusters
AWS Database Migration Service (AWS DMS) dms:DescribeReplicationInstances
Amazon DocumentDB rds:DescribeDBClusters
AWS Direct Connect directconnect:DescribeConnections
Amazon DynamoDB dynamodb:ListTables
Amazon DynamoDB (built-in) dynamodb:ListTables, dynamodb:ListTagsOfResource
Amazon EBS ec2:DescribeVolumes
Amazon EBS (built-in) ec2:DescribeVolumes
Amazon EC2 API
Amazon EC2 (built-in) ec2:DescribeInstances
Amazon EC2 Spot Fleet ec2:DescribeSpotFleetRequests
Amazon Elastic Container Service (ECS) ecs:ListClusters
Amazon ECS Container Insights ecs:ListClusters
Amazon ElastiCache (EC) elasticache:DescribeCacheClusters
AWS Elastic Beanstalk elasticbeanstalk:DescribeEnvironments
Amazon Elastic File System (EFS) elasticfilesystem:DescribeFileSystems
Amazon Elastic Inference
Amazon Elastic Map Reduce (EMR) elasticmapreduce:ListClusters
Amazon Elasticsearch Service (ES) es:ListDomainNames
Amazon Elastic Transcoder elastictranscoder:ListPipelines
Amazon Elastic Load Balancer (ELB) (built-in) elasticloadbalancing:DescribeInstanceHealth, elasticloadbalancing:DescribeListeners, elasticloadbalancing:DescribeLoadBalancers, elasticloadbalancing:DescribeRules, elasticloadbalancing:DescribeTags, elasticloadbalancing:DescribeTargetHealth
Amazon EventBridge events:ListEventBuses
Amazon FSx fsx:DescribeFileSystems
Amazon GameLift gamelift:ListFleets
AWS Glue glue:GetJobs
Amazon Inspector inspector:ListAssessmentTemplates
AWS Internet of Things (IoT)
AWS IoT Analytics
Amazon Managed Streaming for Kafka kafka:ListClusters
Amazon Kinesis Data Analytics kinesisanalytics:ListApplications
Amazon Data Firehose firehose:ListDeliveryStreams
Amazon Kinesis Data Streams kinesis:ListStreams
Amazon Kinesis Video Streams kinesisvideo:ListStreams
AWS Lambda lambda:ListFunctions
AWS Lambda (built-in) lambda:ListFunctions, lambda:ListTags
Amazon Lex lex:GetBots
Amazon Application and Network Load Balancer (built-in) elasticloadbalancing:DescribeInstanceHealth, elasticloadbalancing:DescribeListeners, elasticloadbalancing:DescribeLoadBalancers, elasticloadbalancing:DescribeRules, elasticloadbalancing:DescribeTags, elasticloadbalancing:DescribeTargetHealth
Amazon CloudWatch Logs logs:DescribeLogGroups
AWS Elemental MediaConnect mediaconnect:ListFlows
AWS Elemental MediaConvert mediaconvert:DescribeEndpoints
AWS Elemental MediaPackage Live mediapackage:ListChannels
AWS Elemental MediaPackage Video on Demand mediapackage-vod:ListPackagingConfigurations
AWS Elemental MediaTailor mediatailor:ListPlaybackConfigurations
Amazon VPC NAT Gateways ec2:DescribeNatGateways
Amazon Neptune rds:DescribeDBClusters
AWS OpsWorks opsworks:DescribeStacks
Amazon Polly
Amazon QLDB qldb:ListLedgers
Amazon RDS rds:DescribeDBInstances
Amazon RDS (built-in) rds:DescribeDBInstances, rds:DescribeEvents, rds:ListTagsForResource
Amazon Redshift redshift:DescribeClusters
Amazon Rekognition
AWS RoboMaker robomaker:ListSimulationJobs
Amazon Route 53 route53:ListHostedZones
Amazon Route 53 Resolver route53resolver:ListResolverEndpoints
Amazon S3 s3:ListAllMyBuckets
Amazon S3 (built-in) s3:ListAllMyBuckets
Amazon SageMaker Batch Transform Jobs
Amazon SageMaker Endpoint Instances sagemaker:ListEndpoints
Amazon SageMaker Endpoints sagemaker:ListEndpoints
Amazon SageMaker Ground Truth
Amazon SageMaker Processing Jobs
Amazon SageMaker Training Jobs
AWS Service Catalog
Amazon Simple Email Service (SES)
Amazon Simple Notification Service (SNS) sns:ListTopics
Amazon Simple Queue Service (SQS) sqs:ListQueues
AWS Systems Manager - Run Command
AWS Step Functions
AWS Storage Gateway storagegateway:ListGateways
Amazon SWF swf:ListDomains
Amazon Textract
AWS IoT Things Graph
AWS Transfer Family transfer:ListServers
AWS Transit Gateway ec2:DescribeTransitGateways
Amazon Translate
AWS Trusted Advisor
AWS API Usage
AWS Site-to-Site VPN ec2:DescribeVpnConnections
AWS WAF Classic
AWS WAF
Amazon WorkMail workmail:ListOrganizations
Amazon WorkSpaces workspaces:DescribeWorkspaces

Example of JSON policy for one single service.

JSON policy for Amazon API Gateway

{



"Version": "2012-10-17",



"Statement": [



{



"Sid": "VisualEditor0",



"Effect": "Allow",



"Action": [



"apigateway:GET",



"cloudwatch:GetMetricData",



"cloudwatch:GetMetricStatistics",



"cloudwatch:ListMetrics",



"sts:GetCallerIdentity",



"tag:GetResources",



"tag:GetTagKeys",



"ec2:DescribeAvailabilityZones"



],



"Resource": "*"



}



]



}

In this example, from the complete list of permissions you need to select

  • "apigateway:GET" for Amazon API Gateway
  • "cloudwatch:GetMetricData", "cloudwatch:GetMetricStatistics", "cloudwatch:ListMetrics", "sts:GetCallerIdentity", "tag:GetResources", "tag:GetTagKeys", and "ec2:DescribeAvailabilityZones" for All AWS cloud services.

AWS endpoints that need to be reachable from ActiveGate with corresponding AWS services

Endpoint Service
autoscaling.<REGION>.amazonaws.com Amazon EC2 Auto Scaling (built-in), Amazon EC2 Auto Scaling
lambda.<REGION>.amazonaws.com AWS Lambda (built-in), AWS Lambda
elasticloadbalancing.<REGION>.amazonaws.com Amazon Application and Network Load Balancer (built-in), Amazon Elastic Load Balancer (ELB) (built-in)
dynamodb.<REGION>.amazonaws.com Amazon DynamoDB (built-in), Amazon DynamoDB
ec2.<REGION>.amazonaws.com Amazon EBS (built-in), Amazon EC2 (built-in), Amazon EBS, Amazon EC2 Spot Fleet, Amazon VPC NAT Gateways, AWS Transit Gateway, AWS Site-to-Site VPN
rds.<REGION>.amazonaws.com Amazon RDS (built-in), Amazon Aurora, Amazon DocumentDB, Amazon Neptune, Amazon RDS
s3.<REGION>.amazonaws.com Amazon S3 (built-in)
acm-pca.<REGION>.amazonaws.com AWS Certificate Manager Private Certificate Authority
apigateway.<REGION>.amazonaws.com Amazon API Gateway
apprunner.<REGION>.amazonaws.com AWS App Runner
appstream2.<REGION>.amazonaws.com Amazon AppStream
appsync.<REGION>.amazonaws.com AWS AppSync
athena.<REGION>.amazonaws.com Amazon Athena
cloudfront.amazonaws.com Amazon CloudFront
cloudhsmv2.<REGION>.amazonaws.com AWS CloudHSM
cloudsearch.<REGION>.amazonaws.com Amazon CloudSearch
codebuild.<REGION>.amazonaws.com AWS CodeBuild
datasync.<REGION>.amazonaws.com AWS DataSync
dax.<REGION>.amazonaws.com Amazon DynamoDB Accelerator (DAX)
dms.<REGION>.amazonaws.com AWS Database Migration Service (AWS DMS)
directconnect.<REGION>.amazonaws.com AWS Direct Connect
ecs.<REGION>.amazonaws.com Amazon Elastic Container Service (ECS), Amazon ECS Container Insights
elasticfilesystem.<REGION>.amazonaws.com Amazon Elastic File System (EFS)
eks.<REGION>.amazonaws.com Amazon Elastic Kubernetes Service (EKS)
elasticache.<REGION>.amazonaws.com Amazon ElastiCache (EC)
elasticbeanstalk.<REGION>.amazonaws.com AWS Elastic Beanstalk
elastictranscoder.<REGION>.amazonaws.com Amazon Elastic Transcoder
es.<REGION>.amazonaws.com Amazon Elasticsearch Service (ES)
events.<REGION>.amazonaws.com Amazon EventBridge
fsx.<REGION>.amazonaws.com Amazon FSx
gamelift.<REGION>.amazonaws.com Amazon GameLift
glue.<REGION>.amazonaws.com AWS Glue
inspector.<REGION>.amazonaws.com Amazon Inspector
kafka.<REGION>.amazonaws.com Amazon Managed Streaming for Kafka
models.lex.<REGION>.amazonaws.com Amazon Lex
logs.<REGION>.amazonaws.com Amazon CloudWatch Logs
api.mediatailor.<REGION>.amazonaws.com AWS Elemental MediaTailor
mediaconnect.<REGION>.amazonaws.com AWS Elemental MediaConnect
mediapackage.<REGION>.amazonaws.com AWS Elemental MediaPackage Live
mediapackage-vod.<REGION>.amazonaws.com AWS Elemental MediaPackage Video on Demand
opsworks.<REGION>.amazonaws.com AWS OpsWorks
qldb.<REGION>.amazonaws.com Amazon QLDB
redshift.<REGION>.amazonaws.com Amazon Redshift
robomaker.<REGION>.amazonaws.com AWS RoboMaker
route53.amazonaws.com Amazon Route 53
route53resolver.<REGION>.amazonaws.com Amazon Route 53 Resolver
api.sagemaker.<REGION>.amazonaws.com Amazon SageMaker Endpoints, Amazon SageMaker Endpoint Instances
sns.<REGION>.amazonaws.com Amazon Simple Notification Service (SNS)
sqs.<REGION>.amazonaws.com Amazon Simple Queue Service (SQS)
storagegateway.<REGION>.amazonaws.com AWS Storage Gateway
swf.<REGION>.amazonaws.com Amazon SWF
transfer.<REGION>.amazonaws.com AWS Transfer Family
workmail.<REGION>.amazonaws.com Amazon WorkMail
workspaces.<REGION>.amazonaws.com Amazon WorkSpaces

Enable monitoring

To learn how to enable service monitoring, see Enable service monitoring.

View service metrics

You can view the service metrics in your Dynatrace environment either on the custom device overview page or on your Dashboards page.

View metrics on the custom device overview page

To access the custom device overview page

  1. Go to Technologies Technologies & Processes Classic.
  2. Filter by service name and select the relevant custom device group.
  3. Once you select the custom device group, you're on the custom device group overview page.
  4. The custom device group overview page lists all instances (custom devices) belonging to the group. Select an instance to view the custom device overview page.

View metrics on your dashboard

After you add the service to monitoring, a preset dashboard containing all recommended metrics is automatically listed on your Dashboards page. To look for specific dashboards, filter by Preset and then by Name.

AWS presets

For existing monitored services, you might need to resave your credentials for the preset dashboard to appear on the Dashboards page. To resave your credentials, go to Settings > Cloud and virtualization > AWS, select the desired AWS instance, and then select Save.

You can't make changes on a preset dashboard directly, but you can clone and edit it. To clone a dashboard, open the browse menu (…) and select Clone.

To remove a dashboard from the dashboards page, you can hide it. To hide a dashboard, open the browse menu (…) and select Hide.

Hiding a dashboard doesn't affect other users.

Clone hide AWS

To check the availability of preset dashboards for each AWS service, see the list below.

Preset dashboard availability list

AWS service Preset dashboard
Amazon EC2 Auto Scaling (built-in) Not applicable
AWS Lambda (built-in) Not applicable
Amazon Application and Network Load Balancer (built-in) Not applicable
Amazon DynamoDB (built-in) Not applicable
Amazon EBS (built-in) Not applicable
Amazon EC2 (built-in) Not applicable
Amazon Elastic Load Balancer (ELB) (built-in) Not applicable
Amazon RDS (built-in) Not applicable
Amazon S3 (built-in) Not applicable
AWS Certificate Manager Private Certificate Authority Not applicable
All monitored Amazon services Not applicable
Amazon API Gateway Not applicable
AWS App Runner Not applicable
Amazon AppStream Applicable
AWS AppSync Applicable
Amazon Athena Applicable
Amazon Aurora Not applicable
Amazon EC2 Auto Scaling Applicable
AWS Billing Applicable
Amazon Keyspaces Applicable
AWS Chatbot Applicable
Amazon CloudFront Not applicable
AWS CloudHSM Applicable
Amazon CloudSearch Applicable
AWS CodeBuild Applicable
Amazon Cognito Not applicable
Amazon Connect Applicable
AWS DataSync Applicable
Amazon DynamoDB Accelerator (DAX) Applicable
AWS Database Migration Service (AWS DMS) Applicable
Amazon DocumentDB Applicable
AWS Direct Connect Applicable
Amazon DynamoDB Not applicable
Amazon EBS Not applicable
Amazon EC2 Spot Fleet Not applicable
Amazon EC2 API Applicable
Amazon Elastic Container Service (ECS) Not applicable
Amazon ECS Container Insights Applicable
Amazon Elastic File System (EFS) Not applicable
Amazon Elastic Kubernetes Service (EKS) Applicable
Amazon ElastiCache (EC) Not applicable
AWS Elastic Beanstalk Applicable
Amazon Elastic Inference Applicable
Amazon Elastic Transcoder Applicable
Amazon Elastic Map Reduce (EMR) Not applicable
Amazon Elasticsearch Service (ES) Not applicable
Amazon EventBridge Applicable
Amazon FSx Applicable
Amazon GameLift Applicable
AWS Glue Not applicable
Amazon Inspector Applicable
AWS Internet of Things (IoT) Not applicable
AWS IoT Things Graph Applicable
AWS IoT Analytics Applicable
Amazon Managed Streaming for Kafka Applicable
Amazon Kinesis Data Analytics Not applicable
Amazon Data Firehose Not applicable
Amazon Kinesis Data Streams Not applicable
Amazon Kinesis Video Streams Not applicable
AWS Lambda Not applicable
Amazon Lex Applicable
Amazon CloudWatch Logs Applicable
AWS Elemental MediaTailor Applicable
AWS Elemental MediaConnect Applicable
AWS Elemental MediaConvert Applicable
AWS Elemental MediaPackage Live Applicable
AWS Elemental MediaPackage Video on Demand Applicable
Amazon MQ Applicable
Amazon VPC NAT Gateways Not applicable
Amazon Neptune Applicable
AWS OpsWorks Applicable
Amazon Polly Applicable
Amazon QLDB Applicable
Amazon RDS Not applicable
Amazon Redshift Not applicable
Amazon Rekognition Applicable
AWS RoboMaker Applicable
Amazon Route 53 Applicable
Amazon Route 53 Resolver Applicable
Amazon S3 Not applicable
Amazon SageMaker Batch Transform Jobs Not applicable
Amazon SageMaker Endpoints Not applicable
Amazon SageMaker Endpoint Instances Not applicable
Amazon SageMaker Ground Truth Not applicable
Amazon SageMaker Processing Jobs Not applicable
Amazon SageMaker Training Jobs Not applicable
AWS Service Catalog Applicable
Amazon Simple Email Service (SES) Not applicable
Amazon Simple Notification Service (SNS) Not applicable
Amazon Simple Queue Service (SQS) Not applicable
AWS Systems Manager - Run Command Applicable
AWS Step Functions Applicable
AWS Storage Gateway Applicable
Amazon SWF Applicable
Amazon Textract Applicable
AWS Transfer Family Applicable
AWS Transit Gateway Applicable
Amazon Translate Applicable
AWS Trusted Advisor Applicable
AWS API Usage Applicable
AWS Site-to-Site VPN Applicable
AWS WAF Classic Applicable
AWS WAF Applicable
Amazon WorkMail Applicable
Amazon WorkSpaces Applicable

Robo dash

Available metrics

SimulationJobId is the main dimension.

Name Description Unit Statistics Dimensions Recommended
Memory The amount of Memory, in GB, used by the SimulationJob Gigabytes Multi SimulationJobId Applicable
RealTimeFactor The ratio of the amount of time that was simulated versus wall clock time Count Multi SimulationJobId Applicable
SimulationUnit SimulationUnit is calculated based on vCPU and memory consumption of the Simulation Job Count Multi SimulationJobId Applicable
SimulationUnit Count Sum SimulationJobId Applicable
vCPU The number of virtual CPU cores used by the simulation job Count Multi SimulationJobId Applicable

Limitations

The vCPU, Memory, and SimulationUnit metrics are for estimation purposes. AWS RoboMaker emits metrics while preparing to run a simulation job. Charges do not accrue until the simulation job is in the Running state. For more information, see AWS documentation.


Source: aws-service-route-53-resolver.md


title: Amazon Route 53 Resolver monitoring source: https://www.dynatrace.com/docs/ingest-from/amazon-web-services/integrate-with-aws/aws-all-services/aws-service-route-53-resolver scraped: 2026-02-17T05:06:56.052096


Amazon Route 53 Resolver monitoring

Amazon Route 53 Resolver monitoring

  • How-to guide
  • 2-min read
  • Published Sep 08, 2020

Dynatrace ingests metrics for multiple preselected namespaces, including Amazon Route 53 Resolver. You can view metrics for each service instance, split metrics into multiple dimensions, and create custom charts that you can pin to your dashboards.

Prerequisites

To enable monitoring for this service, you need

  • ActiveGate version 1.197+

  • For Dynatrace SaaS deployments, you need an Environment ActiveGate or a Multi-environment ActiveGate.

For role-based access in a SaaS deployment, you need an Environment ActiveGate installed on an Amazon EC2 host.

To update the AWS IAM policy, use the JSON below, containing the monitoring policy (permissions) for all supporting services.

JSON predefined policy for all supporting services

{



"Version": "2012-10-17",



"Statement": [



{



"Sid": "VisualEditor0",



"Effect": "Allow",



"Action": [



"acm-pca:ListCertificateAuthorities",



"apigateway:GET",



"apprunner:ListServices",



"appstream:DescribeFleets",



"appsync:ListGraphqlApis",



"athena:ListWorkGroups",



"autoscaling:DescribeAutoScalingGroups",



"cloudformation:ListStackResources",



"cloudfront:ListDistributions",



"cloudhsm:DescribeClusters",



"cloudsearch:DescribeDomains",



"cloudwatch:GetMetricData",



"cloudwatch:GetMetricStatistics",



"cloudwatch:ListMetrics",



"codebuild:ListProjects",



"datasync:ListTasks",



"dax:DescribeClusters",



"directconnect:DescribeConnections",



"dms:DescribeReplicationInstances",



"dynamodb:ListTables",



"dynamodb:ListTagsOfResource",



"ec2:DescribeAvailabilityZones",



"ec2:DescribeInstances",



"ec2:DescribeNatGateways",



"ec2:DescribeSpotFleetRequests",



"ec2:DescribeTransitGateways",



"ec2:DescribeVolumes",



"ec2:DescribeVpnConnections",



"ecs:ListClusters",



"eks:ListClusters",



"elasticache:DescribeCacheClusters",



"elasticbeanstalk:DescribeEnvironmentResources",



"elasticbeanstalk:DescribeEnvironments",



"elasticfilesystem:DescribeFileSystems",



"elasticloadbalancing:DescribeInstanceHealth",



"elasticloadbalancing:DescribeListeners",



"elasticloadbalancing:DescribeLoadBalancers",



"elasticloadbalancing:DescribeRules",



"elasticloadbalancing:DescribeTags",



"elasticloadbalancing:DescribeTargetHealth",



"elasticmapreduce:ListClusters",



"elastictranscoder:ListPipelines",



"es:ListDomainNames",



"events:ListEventBuses",



"firehose:ListDeliveryStreams",



"fsx:DescribeFileSystems",



"gamelift:ListFleets",



"glue:GetJobs",



"inspector:ListAssessmentTemplates",



"kafka:ListClusters",



"kinesis:ListStreams",



"kinesisanalytics:ListApplications",



"kinesisvideo:ListStreams",



"lambda:ListFunctions",



"lambda:ListTags",



"lex:GetBots",



"logs:DescribeLogGroups",



"mediaconnect:ListFlows",



"mediaconvert:DescribeEndpoints",



"mediapackage-vod:ListPackagingConfigurations",



"mediapackage:ListChannels",



"mediatailor:ListPlaybackConfigurations",



"opsworks:DescribeStacks",



"qldb:ListLedgers",



"rds:DescribeDBClusters",



"rds:DescribeDBInstances",



"rds:DescribeEvents",



"rds:ListTagsForResource",



"redshift:DescribeClusters",



"robomaker:ListSimulationJobs",



"route53:ListHostedZones",



"route53resolver:ListResolverEndpoints",



"s3:ListAllMyBuckets",



"sagemaker:ListEndpoints",



"sns:ListTopics",



"sqs:ListQueues",



"storagegateway:ListGateways",



"sts:GetCallerIdentity",



"swf:ListDomains",



"tag:GetResources",



"tag:GetTagKeys",



"transfer:ListServers",



"workmail:ListOrganizations",



"workspaces:DescribeWorkspaces"



],



"Resource": "*"



}



]



}

If you don't want to add permissions to all services, and just select permissions for certain services, consult the table below. The table contains a set of permissions that are required for All AWS cloud services and, for each supporting service, a list of optional permissions specific to that service.

Permissions required for AWS monitoring integration:

  • "cloudwatch:GetMetricData"
  • "cloudwatch:GetMetricStatistics"
  • "cloudwatch:ListMetrics"
  • "sts:GetCallerIdentity"
  • "tag:GetResources"
  • "tag:GetTagKeys"
  • "ec2:DescribeAvailabilityZones"

Complete list of permissions for cloud services

Name Permissions
All monitored Amazon services Required cloudwatch:GetMetricData, cloudwatch:GetMetricStatistics, cloudwatch:ListMetrics, sts:GetCallerIdentity, tag:GetResources, tag:GetTagKeys, ec2:DescribeAvailabilityZones
AWS Certificate Manager Private Certificate Authority acm-pca:ListCertificateAuthorities
Amazon MQ
Amazon API Gateway apigateway:GET
AWS App Runner apprunner:ListServices
Amazon AppStream appstream:DescribeFleets
AWS AppSync appsync:ListGraphqlApis
Amazon Athena athena:ListWorkGroups
Amazon Aurora rds:DescribeDBClusters
Amazon EC2 Auto Scaling autoscaling:DescribeAutoScalingGroups
Amazon EC2 Auto Scaling (built-in) autoscaling:DescribeAutoScalingGroups
AWS Billing
Amazon Keyspaces
AWS Chatbot
Amazon CloudFront cloudfront:ListDistributions
AWS CloudHSM cloudhsm:DescribeClusters
Amazon CloudSearch cloudsearch:DescribeDomains
AWS CodeBuild codebuild:ListProjects
Amazon Cognito
Amazon Connect
Amazon Elastic Kubernetes Service (EKS) eks:ListClusters
AWS DataSync datasync:ListTasks
Amazon DynamoDB Accelerator (DAX) dax:DescribeClusters
AWS Database Migration Service (AWS DMS) dms:DescribeReplicationInstances
Amazon DocumentDB rds:DescribeDBClusters
AWS Direct Connect directconnect:DescribeConnections
Amazon DynamoDB dynamodb:ListTables
Amazon DynamoDB (built-in) dynamodb:ListTables, dynamodb:ListTagsOfResource
Amazon EBS ec2:DescribeVolumes
Amazon EBS (built-in) ec2:DescribeVolumes
Amazon EC2 API
Amazon EC2 (built-in) ec2:DescribeInstances
Amazon EC2 Spot Fleet ec2:DescribeSpotFleetRequests
Amazon Elastic Container Service (ECS) ecs:ListClusters
Amazon ECS Container Insights ecs:ListClusters
Amazon ElastiCache (EC) elasticache:DescribeCacheClusters
AWS Elastic Beanstalk elasticbeanstalk:DescribeEnvironments
Amazon Elastic File System (EFS) elasticfilesystem:DescribeFileSystems
Amazon Elastic Inference
Amazon Elastic Map Reduce (EMR) elasticmapreduce:ListClusters
Amazon Elasticsearch Service (ES) es:ListDomainNames
Amazon Elastic Transcoder elastictranscoder:ListPipelines
Amazon Elastic Load Balancer (ELB) (built-in) elasticloadbalancing:DescribeInstanceHealth, elasticloadbalancing:DescribeListeners, elasticloadbalancing:DescribeLoadBalancers, elasticloadbalancing:DescribeRules, elasticloadbalancing:DescribeTags, elasticloadbalancing:DescribeTargetHealth
Amazon EventBridge events:ListEventBuses
Amazon FSx fsx:DescribeFileSystems
Amazon GameLift gamelift:ListFleets
AWS Glue glue:GetJobs
Amazon Inspector inspector:ListAssessmentTemplates
AWS Internet of Things (IoT)
AWS IoT Analytics
Amazon Managed Streaming for Kafka kafka:ListClusters
Amazon Kinesis Data Analytics kinesisanalytics:ListApplications
Amazon Data Firehose firehose:ListDeliveryStreams
Amazon Kinesis Data Streams kinesis:ListStreams
Amazon Kinesis Video Streams kinesisvideo:ListStreams
AWS Lambda lambda:ListFunctions
AWS Lambda (built-in) lambda:ListFunctions, lambda:ListTags
Amazon Lex lex:GetBots
Amazon Application and Network Load Balancer (built-in) elasticloadbalancing:DescribeInstanceHealth, elasticloadbalancing:DescribeListeners, elasticloadbalancing:DescribeLoadBalancers, elasticloadbalancing:DescribeRules, elasticloadbalancing:DescribeTags, elasticloadbalancing:DescribeTargetHealth
Amazon CloudWatch Logs logs:DescribeLogGroups
AWS Elemental MediaConnect mediaconnect:ListFlows
AWS Elemental MediaConvert mediaconvert:DescribeEndpoints
AWS Elemental MediaPackage Live mediapackage:ListChannels
AWS Elemental MediaPackage Video on Demand mediapackage-vod:ListPackagingConfigurations
AWS Elemental MediaTailor mediatailor:ListPlaybackConfigurations
Amazon VPC NAT Gateways ec2:DescribeNatGateways
Amazon Neptune rds:DescribeDBClusters
AWS OpsWorks opsworks:DescribeStacks
Amazon Polly
Amazon QLDB qldb:ListLedgers
Amazon RDS rds:DescribeDBInstances
Amazon RDS (built-in) rds:DescribeDBInstances, rds:DescribeEvents, rds:ListTagsForResource
Amazon Redshift redshift:DescribeClusters
Amazon Rekognition
AWS RoboMaker robomaker:ListSimulationJobs
Amazon Route 53 route53:ListHostedZones
Amazon Route 53 Resolver route53resolver:ListResolverEndpoints
Amazon S3 s3:ListAllMyBuckets
Amazon S3 (built-in) s3:ListAllMyBuckets
Amazon SageMaker Batch Transform Jobs
Amazon SageMaker Endpoint Instances sagemaker:ListEndpoints
Amazon SageMaker Endpoints sagemaker:ListEndpoints
Amazon SageMaker Ground Truth
Amazon SageMaker Processing Jobs
Amazon SageMaker Training Jobs
AWS Service Catalog
Amazon Simple Email Service (SES)
Amazon Simple Notification Service (SNS) sns:ListTopics
Amazon Simple Queue Service (SQS) sqs:ListQueues
AWS Systems Manager - Run Command
AWS Step Functions
AWS Storage Gateway storagegateway:ListGateways
Amazon SWF swf:ListDomains
Amazon Textract
AWS IoT Things Graph
AWS Transfer Family transfer:ListServers
AWS Transit Gateway ec2:DescribeTransitGateways
Amazon Translate
AWS Trusted Advisor
AWS API Usage
AWS Site-to-Site VPN ec2:DescribeVpnConnections
AWS WAF Classic
AWS WAF
Amazon WorkMail workmail:ListOrganizations
Amazon WorkSpaces workspaces:DescribeWorkspaces

Example of JSON policy for one single service.

JSON policy for Amazon API Gateway

{



"Version": "2012-10-17",



"Statement": [



{



"Sid": "VisualEditor0",



"Effect": "Allow",



"Action": [



"apigateway:GET",



"cloudwatch:GetMetricData",



"cloudwatch:GetMetricStatistics",



"cloudwatch:ListMetrics",



"sts:GetCallerIdentity",



"tag:GetResources",



"tag:GetTagKeys",



"ec2:DescribeAvailabilityZones"



],



"Resource": "*"



}



]



}

In this example, from the complete list of permissions you need to select

  • "apigateway:GET" for Amazon API Gateway
  • "cloudwatch:GetMetricData", "cloudwatch:GetMetricStatistics", "cloudwatch:ListMetrics", "sts:GetCallerIdentity", "tag:GetResources", "tag:GetTagKeys", and "ec2:DescribeAvailabilityZones" for All AWS cloud services.

AWS endpoints that need to be reachable from ActiveGate with corresponding AWS services

Endpoint Service
autoscaling.<REGION>.amazonaws.com Amazon EC2 Auto Scaling (built-in), Amazon EC2 Auto Scaling
lambda.<REGION>.amazonaws.com AWS Lambda (built-in), AWS Lambda
elasticloadbalancing.<REGION>.amazonaws.com Amazon Application and Network Load Balancer (built-in), Amazon Elastic Load Balancer (ELB) (built-in)
dynamodb.<REGION>.amazonaws.com Amazon DynamoDB (built-in), Amazon DynamoDB
ec2.<REGION>.amazonaws.com Amazon EBS (built-in), Amazon EC2 (built-in), Amazon EBS, Amazon EC2 Spot Fleet, Amazon VPC NAT Gateways, AWS Transit Gateway, AWS Site-to-Site VPN
rds.<REGION>.amazonaws.com Amazon RDS (built-in), Amazon Aurora, Amazon DocumentDB, Amazon Neptune, Amazon RDS
s3.<REGION>.amazonaws.com Amazon S3 (built-in)
acm-pca.<REGION>.amazonaws.com AWS Certificate Manager Private Certificate Authority
apigateway.<REGION>.amazonaws.com Amazon API Gateway
apprunner.<REGION>.amazonaws.com AWS App Runner
appstream2.<REGION>.amazonaws.com Amazon AppStream
appsync.<REGION>.amazonaws.com AWS AppSync
athena.<REGION>.amazonaws.com Amazon Athena
cloudfront.amazonaws.com Amazon CloudFront
cloudhsmv2.<REGION>.amazonaws.com AWS CloudHSM
cloudsearch.<REGION>.amazonaws.com Amazon CloudSearch
codebuild.<REGION>.amazonaws.com AWS CodeBuild
datasync.<REGION>.amazonaws.com AWS DataSync
dax.<REGION>.amazonaws.com Amazon DynamoDB Accelerator (DAX)
dms.<REGION>.amazonaws.com AWS Database Migration Service (AWS DMS)
directconnect.<REGION>.amazonaws.com AWS Direct Connect
ecs.<REGION>.amazonaws.com Amazon Elastic Container Service (ECS), Amazon ECS Container Insights
elasticfilesystem.<REGION>.amazonaws.com Amazon Elastic File System (EFS)
eks.<REGION>.amazonaws.com Amazon Elastic Kubernetes Service (EKS)
elasticache.<REGION>.amazonaws.com Amazon ElastiCache (EC)
elasticbeanstalk.<REGION>.amazonaws.com AWS Elastic Beanstalk
elastictranscoder.<REGION>.amazonaws.com Amazon Elastic Transcoder
es.<REGION>.amazonaws.com Amazon Elasticsearch Service (ES)
events.<REGION>.amazonaws.com Amazon EventBridge
fsx.<REGION>.amazonaws.com Amazon FSx
gamelift.<REGION>.amazonaws.com Amazon GameLift
glue.<REGION>.amazonaws.com AWS Glue
inspector.<REGION>.amazonaws.com Amazon Inspector
kafka.<REGION>.amazonaws.com Amazon Managed Streaming for Kafka
models.lex.<REGION>.amazonaws.com Amazon Lex
logs.<REGION>.amazonaws.com Amazon CloudWatch Logs
api.mediatailor.<REGION>.amazonaws.com AWS Elemental MediaTailor
mediaconnect.<REGION>.amazonaws.com AWS Elemental MediaConnect
mediapackage.<REGION>.amazonaws.com AWS Elemental MediaPackage Live
mediapackage-vod.<REGION>.amazonaws.com AWS Elemental MediaPackage Video on Demand
opsworks.<REGION>.amazonaws.com AWS OpsWorks
qldb.<REGION>.amazonaws.com Amazon QLDB
redshift.<REGION>.amazonaws.com Amazon Redshift
robomaker.<REGION>.amazonaws.com AWS RoboMaker
route53.amazonaws.com Amazon Route 53
route53resolver.<REGION>.amazonaws.com Amazon Route 53 Resolver
api.sagemaker.<REGION>.amazonaws.com Amazon SageMaker Endpoints, Amazon SageMaker Endpoint Instances
sns.<REGION>.amazonaws.com Amazon Simple Notification Service (SNS)
sqs.<REGION>.amazonaws.com Amazon Simple Queue Service (SQS)
storagegateway.<REGION>.amazonaws.com AWS Storage Gateway
swf.<REGION>.amazonaws.com Amazon SWF
transfer.<REGION>.amazonaws.com AWS Transfer Family
workmail.<REGION>.amazonaws.com Amazon WorkMail
workspaces.<REGION>.amazonaws.com Amazon WorkSpaces

Route 53 is a global service; hosted zone metrics (for example, DNSQueries) are available only in the us-east-1 region. To get hosted zone metrics, credentials must have at least following permissions set for the us-east-1 region:

  • "ec2:DescribeAvailabilityZones"
  • "cloudwatch:GetMetricData"
  • "cloudwatch:ListMetrics"

Enable monitoring

To learn how to enable service monitoring, see Enable service monitoring.

View service metrics

You can view the service metrics in your Dynatrace environment either on the custom device overview page or on your Dashboards page.

View metrics on the custom device overview page

To access the custom device overview page

  1. Go to Technologies Technologies & Processes Classic.
  2. Filter by service name and select the relevant custom device group.
  3. Once you select the custom device group, you're on the custom device group overview page.
  4. The custom device group overview page lists all instances (custom devices) belonging to the group. Select an instance to view the custom device overview page.

View metrics on your dashboard

After you add the service to monitoring, a preset dashboard containing all recommended metrics is automatically listed on your Dashboards page. To look for specific dashboards, filter by Preset and then by Name.

AWS presets

For existing monitored services, you might need to resave your credentials for the preset dashboard to appear on the Dashboards page. To resave your credentials, go to Settings > Cloud and virtualization > AWS, select the desired AWS instance, and then select Save.

You can't make changes on a preset dashboard directly, but you can clone and edit it. To clone a dashboard, open the browse menu (…) and select Clone.

To remove a dashboard from the dashboards page, you can hide it. To hide a dashboard, open the browse menu (…) and select Hide.

Hiding a dashboard doesn't affect other users.

Clone hide AWS

To check the availability of preset dashboards for each AWS service, see the list below.

Preset dashboard availability list

AWS service Preset dashboard
Amazon EC2 Auto Scaling (built-in) Not applicable
AWS Lambda (built-in) Not applicable
Amazon Application and Network Load Balancer (built-in) Not applicable
Amazon DynamoDB (built-in) Not applicable
Amazon EBS (built-in) Not applicable
Amazon EC2 (built-in) Not applicable
Amazon Elastic Load Balancer (ELB) (built-in) Not applicable
Amazon RDS (built-in) Not applicable
Amazon S3 (built-in) Not applicable
AWS Certificate Manager Private Certificate Authority Not applicable
All monitored Amazon services Not applicable
Amazon API Gateway Not applicable
AWS App Runner Not applicable
Amazon AppStream Applicable
AWS AppSync Applicable
Amazon Athena Applicable
Amazon Aurora Not applicable
Amazon EC2 Auto Scaling Applicable
AWS Billing Applicable
Amazon Keyspaces Applicable
AWS Chatbot Applicable
Amazon CloudFront Not applicable
AWS CloudHSM Applicable
Amazon CloudSearch Applicable
AWS CodeBuild Applicable
Amazon Cognito Not applicable
Amazon Connect Applicable
AWS DataSync Applicable
Amazon DynamoDB Accelerator (DAX) Applicable
AWS Database Migration Service (AWS DMS) Applicable
Amazon DocumentDB Applicable
AWS Direct Connect Applicable
Amazon DynamoDB Not applicable
Amazon EBS Not applicable
Amazon EC2 Spot Fleet Not applicable
Amazon EC2 API Applicable
Amazon Elastic Container Service (ECS) Not applicable
Amazon ECS Container Insights Applicable
Amazon Elastic File System (EFS) Not applicable
Amazon Elastic Kubernetes Service (EKS) Applicable
Amazon ElastiCache (EC) Not applicable
AWS Elastic Beanstalk Applicable
Amazon Elastic Inference Applicable
Amazon Elastic Transcoder Applicable
Amazon Elastic Map Reduce (EMR) Not applicable
Amazon Elasticsearch Service (ES) Not applicable
Amazon EventBridge Applicable
Amazon FSx Applicable
Amazon GameLift Applicable
AWS Glue Not applicable
Amazon Inspector Applicable
AWS Internet of Things (IoT) Not applicable
AWS IoT Things Graph Applicable
AWS IoT Analytics Applicable
Amazon Managed Streaming for Kafka Applicable
Amazon Kinesis Data Analytics Not applicable
Amazon Data Firehose Not applicable
Amazon Kinesis Data Streams Not applicable
Amazon Kinesis Video Streams Not applicable
AWS Lambda Not applicable
Amazon Lex Applicable
Amazon CloudWatch Logs Applicable
AWS Elemental MediaTailor Applicable
AWS Elemental MediaConnect Applicable
AWS Elemental MediaConvert Applicable
AWS Elemental MediaPackage Live Applicable
AWS Elemental MediaPackage Video on Demand Applicable
Amazon MQ Applicable
Amazon VPC NAT Gateways Not applicable
Amazon Neptune Applicable
AWS OpsWorks Applicable
Amazon Polly Applicable
Amazon QLDB Applicable
Amazon RDS Not applicable
Amazon Redshift Not applicable
Amazon Rekognition Applicable
AWS RoboMaker Applicable
Amazon Route 53 Applicable
Amazon Route 53 Resolver Applicable
Amazon S3 Not applicable
Amazon SageMaker Batch Transform Jobs Not applicable
Amazon SageMaker Endpoints Not applicable
Amazon SageMaker Endpoint Instances Not applicable
Amazon SageMaker Ground Truth Not applicable
Amazon SageMaker Processing Jobs Not applicable
Amazon SageMaker Training Jobs Not applicable
AWS Service Catalog Applicable
Amazon Simple Email Service (SES) Not applicable
Amazon Simple Notification Service (SNS) Not applicable
Amazon Simple Queue Service (SQS) Not applicable
AWS Systems Manager - Run Command Applicable
AWS Step Functions Applicable
AWS Storage Gateway Applicable
Amazon SWF Applicable
Amazon Textract Applicable
AWS Transfer Family Applicable
AWS Transit Gateway Applicable
Amazon Translate Applicable
AWS Trusted Advisor Applicable
AWS API Usage Applicable
AWS Site-to-Site VPN Applicable
AWS WAF Classic Applicable
AWS WAF Applicable
Amazon WorkMail Applicable
Amazon WorkSpaces Applicable

53 resolver

Available metrics

EndpointId is the main dimension.

Name Description Unit Statistics Dimensions Recommended
EndpointHealthyENICount The number of elastic network interfaces in the OPERATIONAL status. Count Multi EndpointId
EndpointUnHealthyENICount The number of elastic network interfaces in the AUTO_RECOVERING status. Count Multi EndpointId
InboundQueryVolume The number of DNS queries forwarded from your network to your VPCs through the endpoint specified by EndpointId (for inbound endpoints) Count Sum EndpointId Applicable
InboundQueryVolume Count Sum Region Applicable
InboundQueryVolume Count Sum Region, RniId
OutboundQueryAggregateVolume The total number of DNS queries forwarded from Amazon VPCs to your network (for outbound endpoints) Count Sum Region
OutboundQueryAggregateVolume Count Sum Region, RniId
OutboundQueryAggregateVolume Count Sum EndpointId Applicable
OutboundQueryVolume The number of DNS queries forwarded from your VPCs to your network through the endpoint specified by EndpointId (for outbound endpoints) Count Sum EndpointId Applicable
OutboundQueryVolume Count Sum Region Applicable

Source: aws-service-simple-workflow-service-swf.md


title: Amazon SWF (Simple Workflow Service) monitoring source: https://www.dynatrace.com/docs/ingest-from/amazon-web-services/integrate-with-aws/aws-all-services/aws-service-simple-workflow-service-swf scraped: 2026-02-16T21:31:52.303070


Amazon SWF (Simple Workflow Service) monitoring

Amazon SWF (Simple Workflow Service) monitoring

  • How-to guide
  • 4-min read
  • Published Sep 08, 2020

Dynatrace ingests metrics for multiple preselected namespaces, including Amazon Simple Workflow Service (Amazon SWF). You can view metrics for each service instance, split metrics into multiple dimensions, and create custom charts that you can pin to your dashboards.

Prerequisites

To enable monitoring for this service, you need

  • ActiveGate version 1.197+

  • For Dynatrace SaaS deployments, you need an Environment ActiveGate or a Multi-environment ActiveGate.

For role-based access in a SaaS deployment, you need an Environment ActiveGate installed on an Amazon EC2 host.

To update the AWS IAM policy, use the JSON below, containing the monitoring policy (permissions) for all supporting services.

JSON predefined policy for all supporting services

{



"Version": "2012-10-17",



"Statement": [



{



"Sid": "VisualEditor0",



"Effect": "Allow",



"Action": [



"acm-pca:ListCertificateAuthorities",



"apigateway:GET",



"apprunner:ListServices",



"appstream:DescribeFleets",



"appsync:ListGraphqlApis",



"athena:ListWorkGroups",



"autoscaling:DescribeAutoScalingGroups",



"cloudformation:ListStackResources",



"cloudfront:ListDistributions",



"cloudhsm:DescribeClusters",



"cloudsearch:DescribeDomains",



"cloudwatch:GetMetricData",



"cloudwatch:GetMetricStatistics",



"cloudwatch:ListMetrics",



"codebuild:ListProjects",



"datasync:ListTasks",



"dax:DescribeClusters",



"directconnect:DescribeConnections",



"dms:DescribeReplicationInstances",



"dynamodb:ListTables",



"dynamodb:ListTagsOfResource",



"ec2:DescribeAvailabilityZones",



"ec2:DescribeInstances",



"ec2:DescribeNatGateways",



"ec2:DescribeSpotFleetRequests",



"ec2:DescribeTransitGateways",



"ec2:DescribeVolumes",



"ec2:DescribeVpnConnections",



"ecs:ListClusters",



"eks:ListClusters",



"elasticache:DescribeCacheClusters",



"elasticbeanstalk:DescribeEnvironmentResources",



"elasticbeanstalk:DescribeEnvironments",



"elasticfilesystem:DescribeFileSystems",



"elasticloadbalancing:DescribeInstanceHealth",



"elasticloadbalancing:DescribeListeners",



"elasticloadbalancing:DescribeLoadBalancers",



"elasticloadbalancing:DescribeRules",



"elasticloadbalancing:DescribeTags",



"elasticloadbalancing:DescribeTargetHealth",



"elasticmapreduce:ListClusters",



"elastictranscoder:ListPipelines",



"es:ListDomainNames",



"events:ListEventBuses",



"firehose:ListDeliveryStreams",



"fsx:DescribeFileSystems",



"gamelift:ListFleets",



"glue:GetJobs",



"inspector:ListAssessmentTemplates",



"kafka:ListClusters",



"kinesis:ListStreams",



"kinesisanalytics:ListApplications",



"kinesisvideo:ListStreams",



"lambda:ListFunctions",



"lambda:ListTags",



"lex:GetBots",



"logs:DescribeLogGroups",



"mediaconnect:ListFlows",



"mediaconvert:DescribeEndpoints",



"mediapackage-vod:ListPackagingConfigurations",



"mediapackage:ListChannels",



"mediatailor:ListPlaybackConfigurations",



"opsworks:DescribeStacks",



"qldb:ListLedgers",



"rds:DescribeDBClusters",



"rds:DescribeDBInstances",



"rds:DescribeEvents",



"rds:ListTagsForResource",



"redshift:DescribeClusters",



"robomaker:ListSimulationJobs",



"route53:ListHostedZones",



"route53resolver:ListResolverEndpoints",



"s3:ListAllMyBuckets",



"sagemaker:ListEndpoints",



"sns:ListTopics",



"sqs:ListQueues",



"storagegateway:ListGateways",



"sts:GetCallerIdentity",



"swf:ListDomains",



"tag:GetResources",



"tag:GetTagKeys",



"transfer:ListServers",



"workmail:ListOrganizations",



"workspaces:DescribeWorkspaces"



],



"Resource": "*"



}



]



}

If you don't want to add permissions to all services, and just select permissions for certain services, consult the table below. The table contains a set of permissions that are required for All AWS cloud services and, for each supporting service, a list of optional permissions specific to that service.

Permissions required for AWS monitoring integration:

  • "cloudwatch:GetMetricData"
  • "cloudwatch:GetMetricStatistics"
  • "cloudwatch:ListMetrics"
  • "sts:GetCallerIdentity"
  • "tag:GetResources"
  • "tag:GetTagKeys"
  • "ec2:DescribeAvailabilityZones"

Complete list of permissions for cloud services

Name Permissions
All monitored Amazon services Required cloudwatch:GetMetricData, cloudwatch:GetMetricStatistics, cloudwatch:ListMetrics, sts:GetCallerIdentity, tag:GetResources, tag:GetTagKeys, ec2:DescribeAvailabilityZones
AWS Certificate Manager Private Certificate Authority acm-pca:ListCertificateAuthorities
Amazon MQ
Amazon API Gateway apigateway:GET
AWS App Runner apprunner:ListServices
Amazon AppStream appstream:DescribeFleets
AWS AppSync appsync:ListGraphqlApis
Amazon Athena athena:ListWorkGroups
Amazon Aurora rds:DescribeDBClusters
Amazon EC2 Auto Scaling autoscaling:DescribeAutoScalingGroups
Amazon EC2 Auto Scaling (built-in) autoscaling:DescribeAutoScalingGroups
AWS Billing
Amazon Keyspaces
AWS Chatbot
Amazon CloudFront cloudfront:ListDistributions
AWS CloudHSM cloudhsm:DescribeClusters
Amazon CloudSearch cloudsearch:DescribeDomains
AWS CodeBuild codebuild:ListProjects
Amazon Cognito
Amazon Connect
Amazon Elastic Kubernetes Service (EKS) eks:ListClusters
AWS DataSync datasync:ListTasks
Amazon DynamoDB Accelerator (DAX) dax:DescribeClusters
AWS Database Migration Service (AWS DMS) dms:DescribeReplicationInstances
Amazon DocumentDB rds:DescribeDBClusters
AWS Direct Connect directconnect:DescribeConnections
Amazon DynamoDB dynamodb:ListTables
Amazon DynamoDB (built-in) dynamodb:ListTables, dynamodb:ListTagsOfResource
Amazon EBS ec2:DescribeVolumes
Amazon EBS (built-in) ec2:DescribeVolumes
Amazon EC2 API
Amazon EC2 (built-in) ec2:DescribeInstances
Amazon EC2 Spot Fleet ec2:DescribeSpotFleetRequests
Amazon Elastic Container Service (ECS) ecs:ListClusters
Amazon ECS Container Insights ecs:ListClusters
Amazon ElastiCache (EC) elasticache:DescribeCacheClusters
AWS Elastic Beanstalk elasticbeanstalk:DescribeEnvironments
Amazon Elastic File System (EFS) elasticfilesystem:DescribeFileSystems
Amazon Elastic Inference
Amazon Elastic Map Reduce (EMR) elasticmapreduce:ListClusters
Amazon Elasticsearch Service (ES) es:ListDomainNames
Amazon Elastic Transcoder elastictranscoder:ListPipelines
Amazon Elastic Load Balancer (ELB) (built-in) elasticloadbalancing:DescribeInstanceHealth, elasticloadbalancing:DescribeListeners, elasticloadbalancing:DescribeLoadBalancers, elasticloadbalancing:DescribeRules, elasticloadbalancing:DescribeTags, elasticloadbalancing:DescribeTargetHealth
Amazon EventBridge events:ListEventBuses
Amazon FSx fsx:DescribeFileSystems
Amazon GameLift gamelift:ListFleets
AWS Glue glue:GetJobs
Amazon Inspector inspector:ListAssessmentTemplates
AWS Internet of Things (IoT)
AWS IoT Analytics
Amazon Managed Streaming for Kafka kafka:ListClusters
Amazon Kinesis Data Analytics kinesisanalytics:ListApplications
Amazon Data Firehose firehose:ListDeliveryStreams
Amazon Kinesis Data Streams kinesis:ListStreams
Amazon Kinesis Video Streams kinesisvideo:ListStreams
AWS Lambda lambda:ListFunctions
AWS Lambda (built-in) lambda:ListFunctions, lambda:ListTags
Amazon Lex lex:GetBots
Amazon Application and Network Load Balancer (built-in) elasticloadbalancing:DescribeInstanceHealth, elasticloadbalancing:DescribeListeners, elasticloadbalancing:DescribeLoadBalancers, elasticloadbalancing:DescribeRules, elasticloadbalancing:DescribeTags, elasticloadbalancing:DescribeTargetHealth
Amazon CloudWatch Logs logs:DescribeLogGroups
AWS Elemental MediaConnect mediaconnect:ListFlows
AWS Elemental MediaConvert mediaconvert:DescribeEndpoints
AWS Elemental MediaPackage Live mediapackage:ListChannels
AWS Elemental MediaPackage Video on Demand mediapackage-vod:ListPackagingConfigurations
AWS Elemental MediaTailor mediatailor:ListPlaybackConfigurations
Amazon VPC NAT Gateways ec2:DescribeNatGateways
Amazon Neptune rds:DescribeDBClusters
AWS OpsWorks opsworks:DescribeStacks
Amazon Polly
Amazon QLDB qldb:ListLedgers
Amazon RDS rds:DescribeDBInstances
Amazon RDS (built-in) rds:DescribeDBInstances, rds:DescribeEvents, rds:ListTagsForResource
Amazon Redshift redshift:DescribeClusters
Amazon Rekognition
AWS RoboMaker robomaker:ListSimulationJobs
Amazon Route 53 route53:ListHostedZones
Amazon Route 53 Resolver route53resolver:ListResolverEndpoints
Amazon S3 s3:ListAllMyBuckets
Amazon S3 (built-in) s3:ListAllMyBuckets
Amazon SageMaker Batch Transform Jobs
Amazon SageMaker Endpoint Instances sagemaker:ListEndpoints
Amazon SageMaker Endpoints sagemaker:ListEndpoints
Amazon SageMaker Ground Truth
Amazon SageMaker Processing Jobs
Amazon SageMaker Training Jobs
AWS Service Catalog
Amazon Simple Email Service (SES)
Amazon Simple Notification Service (SNS) sns:ListTopics
Amazon Simple Queue Service (SQS) sqs:ListQueues
AWS Systems Manager - Run Command
AWS Step Functions
AWS Storage Gateway storagegateway:ListGateways
Amazon SWF swf:ListDomains
Amazon Textract
AWS IoT Things Graph
AWS Transfer Family transfer:ListServers
AWS Transit Gateway ec2:DescribeTransitGateways
Amazon Translate
AWS Trusted Advisor
AWS API Usage
AWS Site-to-Site VPN ec2:DescribeVpnConnections
AWS WAF Classic
AWS WAF
Amazon WorkMail workmail:ListOrganizations
Amazon WorkSpaces workspaces:DescribeWorkspaces

Example of JSON policy for one single service.

JSON policy for Amazon API Gateway

{



"Version": "2012-10-17",



"Statement": [



{



"Sid": "VisualEditor0",



"Effect": "Allow",



"Action": [



"apigateway:GET",



"cloudwatch:GetMetricData",



"cloudwatch:GetMetricStatistics",



"cloudwatch:ListMetrics",



"sts:GetCallerIdentity",



"tag:GetResources",



"tag:GetTagKeys",



"ec2:DescribeAvailabilityZones"



],



"Resource": "*"



}



]



}

In this example, from the complete list of permissions you need to select

  • "apigateway:GET" for Amazon API Gateway
  • "cloudwatch:GetMetricData", "cloudwatch:GetMetricStatistics", "cloudwatch:ListMetrics", "sts:GetCallerIdentity", "tag:GetResources", "tag:GetTagKeys", and "ec2:DescribeAvailabilityZones" for All AWS cloud services.

AWS endpoints that need to be reachable from ActiveGate with corresponding AWS services

Endpoint Service
autoscaling.<REGION>.amazonaws.com Amazon EC2 Auto Scaling (built-in), Amazon EC2 Auto Scaling
lambda.<REGION>.amazonaws.com AWS Lambda (built-in), AWS Lambda
elasticloadbalancing.<REGION>.amazonaws.com Amazon Application and Network Load Balancer (built-in), Amazon Elastic Load Balancer (ELB) (built-in)
dynamodb.<REGION>.amazonaws.com Amazon DynamoDB (built-in), Amazon DynamoDB
ec2.<REGION>.amazonaws.com Amazon EBS (built-in), Amazon EC2 (built-in), Amazon EBS, Amazon EC2 Spot Fleet, Amazon VPC NAT Gateways, AWS Transit Gateway, AWS Site-to-Site VPN
rds.<REGION>.amazonaws.com Amazon RDS (built-in), Amazon Aurora, Amazon DocumentDB, Amazon Neptune, Amazon RDS
s3.<REGION>.amazonaws.com Amazon S3 (built-in)
acm-pca.<REGION>.amazonaws.com AWS Certificate Manager Private Certificate Authority
apigateway.<REGION>.amazonaws.com Amazon API Gateway
apprunner.<REGION>.amazonaws.com AWS App Runner
appstream2.<REGION>.amazonaws.com Amazon AppStream
appsync.<REGION>.amazonaws.com AWS AppSync
athena.<REGION>.amazonaws.com Amazon Athena
cloudfront.amazonaws.com Amazon CloudFront
cloudhsmv2.<REGION>.amazonaws.com AWS CloudHSM
cloudsearch.<REGION>.amazonaws.com Amazon CloudSearch
codebuild.<REGION>.amazonaws.com AWS CodeBuild
datasync.<REGION>.amazonaws.com AWS DataSync
dax.<REGION>.amazonaws.com Amazon DynamoDB Accelerator (DAX)
dms.<REGION>.amazonaws.com AWS Database Migration Service (AWS DMS)
directconnect.<REGION>.amazonaws.com AWS Direct Connect
ecs.<REGION>.amazonaws.com Amazon Elastic Container Service (ECS), Amazon ECS Container Insights
elasticfilesystem.<REGION>.amazonaws.com Amazon Elastic File System (EFS)
eks.<REGION>.amazonaws.com Amazon Elastic Kubernetes Service (EKS)
elasticache.<REGION>.amazonaws.com Amazon ElastiCache (EC)
elasticbeanstalk.<REGION>.amazonaws.com AWS Elastic Beanstalk
elastictranscoder.<REGION>.amazonaws.com Amazon Elastic Transcoder
es.<REGION>.amazonaws.com Amazon Elasticsearch Service (ES)
events.<REGION>.amazonaws.com Amazon EventBridge
fsx.<REGION>.amazonaws.com Amazon FSx
gamelift.<REGION>.amazonaws.com Amazon GameLift
glue.<REGION>.amazonaws.com AWS Glue
inspector.<REGION>.amazonaws.com Amazon Inspector
kafka.<REGION>.amazonaws.com Amazon Managed Streaming for Kafka
models.lex.<REGION>.amazonaws.com Amazon Lex
logs.<REGION>.amazonaws.com Amazon CloudWatch Logs
api.mediatailor.<REGION>.amazonaws.com AWS Elemental MediaTailor
mediaconnect.<REGION>.amazonaws.com AWS Elemental MediaConnect
mediapackage.<REGION>.amazonaws.com AWS Elemental MediaPackage Live
mediapackage-vod.<REGION>.amazonaws.com AWS Elemental MediaPackage Video on Demand
opsworks.<REGION>.amazonaws.com AWS OpsWorks
qldb.<REGION>.amazonaws.com Amazon QLDB
redshift.<REGION>.amazonaws.com Amazon Redshift
robomaker.<REGION>.amazonaws.com AWS RoboMaker
route53.amazonaws.com Amazon Route 53
route53resolver.<REGION>.amazonaws.com Amazon Route 53 Resolver
api.sagemaker.<REGION>.amazonaws.com Amazon SageMaker Endpoints, Amazon SageMaker Endpoint Instances
sns.<REGION>.amazonaws.com Amazon Simple Notification Service (SNS)
sqs.<REGION>.amazonaws.com Amazon Simple Queue Service (SQS)
storagegateway.<REGION>.amazonaws.com AWS Storage Gateway
swf.<REGION>.amazonaws.com Amazon SWF
transfer.<REGION>.amazonaws.com AWS Transfer Family
workmail.<REGION>.amazonaws.com Amazon WorkMail
workspaces.<REGION>.amazonaws.com Amazon WorkSpaces

Enable monitoring

To learn how to enable service monitoring, see Enable service monitoring.

View service metrics

You can view the service metrics in your Dynatrace environment either on the custom device overview page or on your Dashboards page.

View metrics on the custom device overview page

To access the custom device overview page

  1. Go to Technologies Technologies & Processes Classic.
  2. Filter by service name and select the relevant custom device group.
  3. Once you select the custom device group, you're on the custom device group overview page.
  4. The custom device group overview page lists all instances (custom devices) belonging to the group. Select an instance to view the custom device overview page.

View metrics on your dashboard

After you add the service to monitoring, a preset dashboard containing all recommended metrics is automatically listed on your Dashboards page. To look for specific dashboards, filter by Preset and then by Name.

AWS presets

For existing monitored services, you might need to resave your credentials for the preset dashboard to appear on the Dashboards page. To resave your credentials, go to Settings > Cloud and virtualization > AWS, select the desired AWS instance, and then select Save.

You can't make changes on a preset dashboard directly, but you can clone and edit it. To clone a dashboard, open the browse menu (…) and select Clone.

To remove a dashboard from the dashboards page, you can hide it. To hide a dashboard, open the browse menu (…) and select Hide.

Hiding a dashboard doesn't affect other users.

Clone hide AWS

To check the availability of preset dashboards for each AWS service, see the list below.

Preset dashboard availability list

AWS service Preset dashboard
Amazon EC2 Auto Scaling (built-in) Not applicable
AWS Lambda (built-in) Not applicable
Amazon Application and Network Load Balancer (built-in) Not applicable
Amazon DynamoDB (built-in) Not applicable
Amazon EBS (built-in) Not applicable
Amazon EC2 (built-in) Not applicable
Amazon Elastic Load Balancer (ELB) (built-in) Not applicable
Amazon RDS (built-in) Not applicable
Amazon S3 (built-in) Not applicable
AWS Certificate Manager Private Certificate Authority Not applicable
All monitored Amazon services Not applicable
Amazon API Gateway Not applicable
AWS App Runner Not applicable
Amazon AppStream Applicable
AWS AppSync Applicable
Amazon Athena Applicable
Amazon Aurora Not applicable
Amazon EC2 Auto Scaling Applicable
AWS Billing Applicable
Amazon Keyspaces Applicable
AWS Chatbot Applicable
Amazon CloudFront Not applicable
AWS CloudHSM Applicable
Amazon CloudSearch Applicable
AWS CodeBuild Applicable
Amazon Cognito Not applicable
Amazon Connect Applicable
AWS DataSync Applicable
Amazon DynamoDB Accelerator (DAX) Applicable
AWS Database Migration Service (AWS DMS) Applicable
Amazon DocumentDB Applicable
AWS Direct Connect Applicable
Amazon DynamoDB Not applicable
Amazon EBS Not applicable
Amazon EC2 Spot Fleet Not applicable
Amazon EC2 API Applicable
Amazon Elastic Container Service (ECS) Not applicable
Amazon ECS Container Insights Applicable
Amazon Elastic File System (EFS) Not applicable
Amazon Elastic Kubernetes Service (EKS) Applicable
Amazon ElastiCache (EC) Not applicable
AWS Elastic Beanstalk Applicable
Amazon Elastic Inference Applicable
Amazon Elastic Transcoder Applicable
Amazon Elastic Map Reduce (EMR) Not applicable
Amazon Elasticsearch Service (ES) Not applicable
Amazon EventBridge Applicable
Amazon FSx Applicable
Amazon GameLift Applicable
AWS Glue Not applicable
Amazon Inspector Applicable
AWS Internet of Things (IoT) Not applicable
AWS IoT Things Graph Applicable
AWS IoT Analytics Applicable
Amazon Managed Streaming for Kafka Applicable
Amazon Kinesis Data Analytics Not applicable
Amazon Data Firehose Not applicable
Amazon Kinesis Data Streams Not applicable
Amazon Kinesis Video Streams Not applicable
AWS Lambda Not applicable
Amazon Lex Applicable
Amazon CloudWatch Logs Applicable
AWS Elemental MediaTailor Applicable
AWS Elemental MediaConnect Applicable
AWS Elemental MediaConvert Applicable
AWS Elemental MediaPackage Live Applicable
AWS Elemental MediaPackage Video on Demand Applicable
Amazon MQ Applicable
Amazon VPC NAT Gateways Not applicable
Amazon Neptune Applicable
AWS OpsWorks Applicable
Amazon Polly Applicable
Amazon QLDB Applicable
Amazon RDS Not applicable
Amazon Redshift Not applicable
Amazon Rekognition Applicable
AWS RoboMaker Applicable
Amazon Route 53 Applicable
Amazon Route 53 Resolver Applicable
Amazon S3 Not applicable
Amazon SageMaker Batch Transform Jobs Not applicable
Amazon SageMaker Endpoints Not applicable
Amazon SageMaker Endpoint Instances Not applicable
Amazon SageMaker Ground Truth Not applicable
Amazon SageMaker Processing Jobs Not applicable
Amazon SageMaker Training Jobs Not applicable
AWS Service Catalog Applicable
Amazon Simple Email Service (SES) Not applicable
Amazon Simple Notification Service (SNS) Not applicable
Amazon Simple Queue Service (SQS) Not applicable
AWS Systems Manager - Run Command Applicable
AWS Step Functions Applicable
AWS Storage Gateway Applicable
Amazon SWF Applicable
Amazon Textract Applicable
AWS Transfer Family Applicable
AWS Transit Gateway Applicable
Amazon Translate Applicable
AWS Trusted Advisor Applicable
AWS API Usage Applicable
AWS Site-to-Site VPN Applicable
AWS WAF Classic Applicable
AWS WAF Applicable
Amazon WorkMail Applicable
Amazon WorkSpaces Applicable

Swf

Available metrics

Domain is the main dimension.

Name Description Unit Statistics Dimensions Recommended
ActivityTaskScheduleToCloseTime The time interval, in milliseconds, between the time when the activity was scheduled and when it closed Milliseconds Multi Domain, ActivityTypeName, ActivityTypeVersion Applicable
ActivityTaskScheduleToStartTime The time interval, in milliseconds, between the time when the activity task was scheduled and when it started Milliseconds Multi Domain, ActivityTypeName, ActivityTypeVersion Applicable
ActivityTaskStartToCloseTime The time interval, in milliseconds, between the time when the activity task started and when it closed Milliseconds Multi Domain, ActivityTypeName, ActivityTypeVersion Applicable
ActivityTasksCanceled The count of activity tasks that were canceled Count Sum Domain, ActivityTypeName, ActivityTypeVersion
ActivityTasksCompleted The count of activity tasks that completed Count Sum Domain, ActivityTypeName, ActivityTypeVersion
ActivityTasksFailed The count of activity tasks that failed Count Sum Domain, ActivityTypeName, ActivityTypeVersion
ConsumedCapacity The count of requests per second Count Sum Region, APIName
ConsumedCapacity Count Sum Region, DecisionName Applicable
DecisionTaskScheduleToStartTime The time interval, in milliseconds, between the time that the decision task was scheduled and when it was picked up by a worker and started Milliseconds Multi Domain, WorkflowTypeName, WorkflowTypeVersion Applicable
DecisionTaskStartToCloseTime The time interval, in milliseconds, between the time that the decision task was started and when it closed Milliseconds Multi Domain, WorkflowTypeName, WorkflowTypeVersion Applicable
DecisionTasksCompleted The count of decision tasks that have been completed Count Sum Domain, WorkflowTypeName, WorkflowTypeVersion
PendingTasks The count of pending tasks in a one minute interval for a specific task list Count Sum Domain
ProvisionedBucketSize The count of available requests per second Count Minimum Region, APIName
ProvisionedBucketSize Count Minimum Region, DecisionName
ProvisionedRefillRate The count of requests per second that are allowed into the bucket Count Minimum Region, APIName
ProvisionedRefillRate Count Minimum Region, DecisionName
ScheduledActivityTasksTimedOutOnClose The count of activity tasks that were scheduled but timed out on close Count Sum Domain, ActivityTypeName, ActivityTypeVersion
ScheduledActivityTasksTimedOutOnStart The count of activity tasks that were scheduled but timed out on start Count Sum Domain, ActivityTypeName, ActivityTypeVersion
StartedActivityTasksTimedOutOnClose The count of activity tasks that were started but timed out on close Count Sum Domain, ActivityTypeName, ActivityTypeVersion
StartedActivityTasksTimedOutOnHeartbeat The count of activity tasks that were started but timed out due to a heartbeat timeout Count Sum Domain, ActivityTypeName, ActivityTypeVersion
StartedDecisionTasksTimedOutOnClose The count of decision tasks that started but timed out on closing Count Sum Domain, WorkflowTypeName, WorkflowTypeVersion
ThrottledEvents The count of requests that have been throttled Count Sum Region, APIName
ThrottledEvents Count Sum Region, DecisionName Applicable
WorkflowStartToCloseTime The time, in milliseconds, between the time the workflow started and when it closed Milliseconds Multi Domain, WorkflowTypeName, WorkflowTypeVersion Applicable
WorkflowsCanceled The count of workflows that were canceled Count Sum Domain, WorkflowTypeName, WorkflowTypeVersion Applicable
WorkflowsCompleted The count of workflows that completed Count Sum Domain, WorkflowTypeName, WorkflowTypeVersion Applicable
WorkflowsContinuedAsNew The count of workflows that continued as new Count Sum Domain, WorkflowTypeName, WorkflowTypeVersion Applicable
WorkflowsFailed The count of workflows that failed Count Sum Domain, WorkflowTypeName, WorkflowTypeVersion Applicable
WorkflowsTerminated The count of workflows that were terminated Count Sum Domain, WorkflowTypeName, WorkflowTypeVersion Applicable
WorkflowsTimedOut The count of workflows that timed out, for any reason Count Sum Domain, WorkflowTypeName, WorkflowTypeVersion Applicable

Source: aws-service-site-to-site-vpn.md


title: AWS Site-to-Site VPN monitoring source: https://www.dynatrace.com/docs/ingest-from/amazon-web-services/integrate-with-aws/aws-all-services/aws-service-site-to-site-vpn scraped: 2026-02-17T05:06:49.126504


AWS Site-to-Site VPN monitoring

AWS Site-to-Site VPN monitoring

  • How-to guide
  • 1-min read
  • Published Jul 23, 2020

Dynatrace ingests metrics for multiple preselected namespaces, including AWS Site-to-Site VPN. You can view graphs per service instance, with a set of dimensions, and create custom graphs that you can pin to your dashboards.

Prerequisites

To enable monitoring for this service, you need

  • ActiveGate version 1.197+

  • For Dynatrace SaaS deployments, you need an Environment ActiveGate or a Multi-environment ActiveGate.

For role-based access in SaaS deployment, you need an Environment ActiveGate installed on an Amazon EC2 host.

JSON predefined policy for all supporting services

{



"Version": "2012-10-17",



"Statement": [



{



"Sid": "VisualEditor0",



"Effect": "Allow",



"Action": [



"acm-pca:ListCertificateAuthorities",



"apigateway:GET",



"apprunner:ListServices",



"appstream:DescribeFleets",



"appsync:ListGraphqlApis",



"athena:ListWorkGroups",



"autoscaling:DescribeAutoScalingGroups",



"cloudformation:ListStackResources",



"cloudfront:ListDistributions",



"cloudhsm:DescribeClusters",



"cloudsearch:DescribeDomains",



"cloudwatch:GetMetricData",



"cloudwatch:GetMetricStatistics",



"cloudwatch:ListMetrics",



"codebuild:ListProjects",



"datasync:ListTasks",



"dax:DescribeClusters",



"directconnect:DescribeConnections",



"dms:DescribeReplicationInstances",



"dynamodb:ListTables",



"dynamodb:ListTagsOfResource",



"ec2:DescribeAvailabilityZones",



"ec2:DescribeInstances",



"ec2:DescribeNatGateways",



"ec2:DescribeSpotFleetRequests",



"ec2:DescribeTransitGateways",



"ec2:DescribeVolumes",



"ec2:DescribeVpnConnections",



"ecs:ListClusters",



"eks:ListClusters",



"elasticache:DescribeCacheClusters",



"elasticbeanstalk:DescribeEnvironmentResources",



"elasticbeanstalk:DescribeEnvironments",



"elasticfilesystem:DescribeFileSystems",



"elasticloadbalancing:DescribeInstanceHealth",



"elasticloadbalancing:DescribeListeners",



"elasticloadbalancing:DescribeLoadBalancers",



"elasticloadbalancing:DescribeRules",



"elasticloadbalancing:DescribeTags",



"elasticloadbalancing:DescribeTargetHealth",



"elasticmapreduce:ListClusters",



"elastictranscoder:ListPipelines",



"es:ListDomainNames",



"events:ListEventBuses",



"firehose:ListDeliveryStreams",



"fsx:DescribeFileSystems",



"gamelift:ListFleets",



"glue:GetJobs",



"inspector:ListAssessmentTemplates",



"kafka:ListClusters",



"kinesis:ListStreams",



"kinesisanalytics:ListApplications",



"kinesisvideo:ListStreams",



"lambda:ListFunctions",



"lambda:ListTags",



"lex:GetBots",



"logs:DescribeLogGroups",



"mediaconnect:ListFlows",



"mediaconvert:DescribeEndpoints",



"mediapackage-vod:ListPackagingConfigurations",



"mediapackage:ListChannels",



"mediatailor:ListPlaybackConfigurations",



"opsworks:DescribeStacks",



"qldb:ListLedgers",



"rds:DescribeDBClusters",



"rds:DescribeDBInstances",



"rds:DescribeEvents",



"rds:ListTagsForResource",



"redshift:DescribeClusters",



"robomaker:ListSimulationJobs",



"route53:ListHostedZones",



"route53resolver:ListResolverEndpoints",



"s3:ListAllMyBuckets",



"sagemaker:ListEndpoints",



"sns:ListTopics",



"sqs:ListQueues",



"storagegateway:ListGateways",



"sts:GetCallerIdentity",



"swf:ListDomains",



"tag:GetResources",



"tag:GetTagKeys",



"transfer:ListServers",



"workmail:ListOrganizations",



"workspaces:DescribeWorkspaces"



],



"Resource": "*"



}



]



}

If you don't want to add permissions to all services, and just select permissions for certain services, consult the table below. The table contains a set of permissions that are required for All AWS cloud services and, for each supporting service, a list of optional permissions specific to that service.

Permissions required for AWS monitoring integration:

  • "cloudwatch:GetMetricData"
  • "cloudwatch:GetMetricStatistics"
  • "cloudwatch:ListMetrics"
  • "sts:GetCallerIdentity"
  • "tag:GetResources"
  • "tag:GetTagKeys"
  • "ec2:DescribeAvailabilityZones"

Complete list of permissions for cloud services

Name Permissions
All monitored Amazon services Required cloudwatch:GetMetricData, cloudwatch:GetMetricStatistics, cloudwatch:ListMetrics, sts:GetCallerIdentity, tag:GetResources, tag:GetTagKeys, ec2:DescribeAvailabilityZones
AWS Certificate Manager Private Certificate Authority acm-pca:ListCertificateAuthorities
Amazon MQ
Amazon API Gateway apigateway:GET
AWS App Runner apprunner:ListServices
Amazon AppStream appstream:DescribeFleets
AWS AppSync appsync:ListGraphqlApis
Amazon Athena athena:ListWorkGroups
Amazon Aurora rds:DescribeDBClusters
Amazon EC2 Auto Scaling autoscaling:DescribeAutoScalingGroups
Amazon EC2 Auto Scaling (built-in) autoscaling:DescribeAutoScalingGroups
AWS Billing
Amazon Keyspaces
AWS Chatbot
Amazon CloudFront cloudfront:ListDistributions
AWS CloudHSM cloudhsm:DescribeClusters
Amazon CloudSearch cloudsearch:DescribeDomains
AWS CodeBuild codebuild:ListProjects
Amazon Cognito
Amazon Connect
Amazon Elastic Kubernetes Service (EKS) eks:ListClusters
AWS DataSync datasync:ListTasks
Amazon DynamoDB Accelerator (DAX) dax:DescribeClusters
AWS Database Migration Service (AWS DMS) dms:DescribeReplicationInstances
Amazon DocumentDB rds:DescribeDBClusters
AWS Direct Connect directconnect:DescribeConnections
Amazon DynamoDB dynamodb:ListTables
Amazon DynamoDB (built-in) dynamodb:ListTables, dynamodb:ListTagsOfResource
Amazon EBS ec2:DescribeVolumes
Amazon EBS (built-in) ec2:DescribeVolumes
Amazon EC2 API
Amazon EC2 (built-in) ec2:DescribeInstances
Amazon EC2 Spot Fleet ec2:DescribeSpotFleetRequests
Amazon Elastic Container Service (ECS) ecs:ListClusters
Amazon ECS Container Insights ecs:ListClusters
Amazon ElastiCache (EC) elasticache:DescribeCacheClusters
AWS Elastic Beanstalk elasticbeanstalk:DescribeEnvironments
Amazon Elastic File System (EFS) elasticfilesystem:DescribeFileSystems
Amazon Elastic Inference
Amazon Elastic Map Reduce (EMR) elasticmapreduce:ListClusters
Amazon Elasticsearch Service (ES) es:ListDomainNames
Amazon Elastic Transcoder elastictranscoder:ListPipelines
Amazon Elastic Load Balancer (ELB) (built-in) elasticloadbalancing:DescribeInstanceHealth, elasticloadbalancing:DescribeListeners, elasticloadbalancing:DescribeLoadBalancers, elasticloadbalancing:DescribeRules, elasticloadbalancing:DescribeTags, elasticloadbalancing:DescribeTargetHealth
Amazon EventBridge events:ListEventBuses
Amazon FSx fsx:DescribeFileSystems
Amazon GameLift gamelift:ListFleets
AWS Glue glue:GetJobs
Amazon Inspector inspector:ListAssessmentTemplates
AWS Internet of Things (IoT)
AWS IoT Analytics
Amazon Managed Streaming for Kafka kafka:ListClusters
Amazon Kinesis Data Analytics kinesisanalytics:ListApplications
Amazon Data Firehose firehose:ListDeliveryStreams
Amazon Kinesis Data Streams kinesis:ListStreams
Amazon Kinesis Video Streams kinesisvideo:ListStreams
AWS Lambda lambda:ListFunctions
AWS Lambda (built-in) lambda:ListFunctions, lambda:ListTags
Amazon Lex lex:GetBots
Amazon Application and Network Load Balancer (built-in) elasticloadbalancing:DescribeInstanceHealth, elasticloadbalancing:DescribeListeners, elasticloadbalancing:DescribeLoadBalancers, elasticloadbalancing:DescribeRules, elasticloadbalancing:DescribeTags, elasticloadbalancing:DescribeTargetHealth
Amazon CloudWatch Logs logs:DescribeLogGroups
AWS Elemental MediaConnect mediaconnect:ListFlows
AWS Elemental MediaConvert mediaconvert:DescribeEndpoints
AWS Elemental MediaPackage Live mediapackage:ListChannels
AWS Elemental MediaPackage Video on Demand mediapackage-vod:ListPackagingConfigurations
AWS Elemental MediaTailor mediatailor:ListPlaybackConfigurations
Amazon VPC NAT Gateways ec2:DescribeNatGateways
Amazon Neptune rds:DescribeDBClusters
AWS OpsWorks opsworks:DescribeStacks
Amazon Polly
Amazon QLDB qldb:ListLedgers
Amazon RDS rds:DescribeDBInstances
Amazon RDS (built-in) rds:DescribeDBInstances, rds:DescribeEvents, rds:ListTagsForResource
Amazon Redshift redshift:DescribeClusters
Amazon Rekognition
AWS RoboMaker robomaker:ListSimulationJobs
Amazon Route 53 route53:ListHostedZones
Amazon Route 53 Resolver route53resolver:ListResolverEndpoints
Amazon S3 s3:ListAllMyBuckets
Amazon S3 (built-in) s3:ListAllMyBuckets
Amazon SageMaker Batch Transform Jobs
Amazon SageMaker Endpoint Instances sagemaker:ListEndpoints
Amazon SageMaker Endpoints sagemaker:ListEndpoints
Amazon SageMaker Ground Truth
Amazon SageMaker Processing Jobs
Amazon SageMaker Training Jobs
AWS Service Catalog
Amazon Simple Email Service (SES)
Amazon Simple Notification Service (SNS) sns:ListTopics
Amazon Simple Queue Service (SQS) sqs:ListQueues
AWS Systems Manager - Run Command
AWS Step Functions
AWS Storage Gateway storagegateway:ListGateways
Amazon SWF swf:ListDomains
Amazon Textract
AWS IoT Things Graph
AWS Transfer Family transfer:ListServers
AWS Transit Gateway ec2:DescribeTransitGateways
Amazon Translate
AWS Trusted Advisor
AWS API Usage
AWS Site-to-Site VPN ec2:DescribeVpnConnections
AWS WAF Classic
AWS WAF
Amazon WorkMail workmail:ListOrganizations
Amazon WorkSpaces workspaces:DescribeWorkspaces

Example of JSON policy for one single service.

JSON policy for Amazon API Gateway

{



"Version": "2012-10-17",



"Statement": [



{



"Sid": "VisualEditor0",



"Effect": "Allow",



"Action": [



"apigateway:GET",



"cloudwatch:GetMetricData",



"cloudwatch:GetMetricStatistics",



"cloudwatch:ListMetrics",



"sts:GetCallerIdentity",



"tag:GetResources",



"tag:GetTagKeys",



"ec2:DescribeAvailabilityZones"



],



"Resource": "*"



}



]



}

In this example, from the complete list of permissions you need to select

  • "apigateway:GET" for Amazon API Gateway
  • "cloudwatch:GetMetricData", "cloudwatch:GetMetricStatistics", "cloudwatch:ListMetrics", "sts:GetCallerIdentity", "tag:GetResources", "tag:GetTagKeys", and "ec2:DescribeAvailabilityZones" for All AWS cloud services.

AWS endpoints that need to be reachable from ActiveGate with corresponding AWS services

Endpoint Service
autoscaling.<REGION>.amazonaws.com Amazon EC2 Auto Scaling (built-in), Amazon EC2 Auto Scaling
lambda.<REGION>.amazonaws.com AWS Lambda (built-in), AWS Lambda
elasticloadbalancing.<REGION>.amazonaws.com Amazon Application and Network Load Balancer (built-in), Amazon Elastic Load Balancer (ELB) (built-in)
dynamodb.<REGION>.amazonaws.com Amazon DynamoDB (built-in), Amazon DynamoDB
ec2.<REGION>.amazonaws.com Amazon EBS (built-in), Amazon EC2 (built-in), Amazon EBS, Amazon EC2 Spot Fleet, Amazon VPC NAT Gateways, AWS Transit Gateway, AWS Site-to-Site VPN
rds.<REGION>.amazonaws.com Amazon RDS (built-in), Amazon Aurora, Amazon DocumentDB, Amazon Neptune, Amazon RDS
s3.<REGION>.amazonaws.com Amazon S3 (built-in)
acm-pca.<REGION>.amazonaws.com AWS Certificate Manager Private Certificate Authority
apigateway.<REGION>.amazonaws.com Amazon API Gateway
apprunner.<REGION>.amazonaws.com AWS App Runner
appstream2.<REGION>.amazonaws.com Amazon AppStream
appsync.<REGION>.amazonaws.com AWS AppSync
athena.<REGION>.amazonaws.com Amazon Athena
cloudfront.amazonaws.com Amazon CloudFront
cloudhsmv2.<REGION>.amazonaws.com AWS CloudHSM
cloudsearch.<REGION>.amazonaws.com Amazon CloudSearch
codebuild.<REGION>.amazonaws.com AWS CodeBuild
datasync.<REGION>.amazonaws.com AWS DataSync
dax.<REGION>.amazonaws.com Amazon DynamoDB Accelerator (DAX)
dms.<REGION>.amazonaws.com AWS Database Migration Service (AWS DMS)
directconnect.<REGION>.amazonaws.com AWS Direct Connect
ecs.<REGION>.amazonaws.com Amazon Elastic Container Service (ECS), Amazon ECS Container Insights
elasticfilesystem.<REGION>.amazonaws.com Amazon Elastic File System (EFS)
eks.<REGION>.amazonaws.com Amazon Elastic Kubernetes Service (EKS)
elasticache.<REGION>.amazonaws.com Amazon ElastiCache (EC)
elasticbeanstalk.<REGION>.amazonaws.com AWS Elastic Beanstalk
elastictranscoder.<REGION>.amazonaws.com Amazon Elastic Transcoder
es.<REGION>.amazonaws.com Amazon Elasticsearch Service (ES)
events.<REGION>.amazonaws.com Amazon EventBridge
fsx.<REGION>.amazonaws.com Amazon FSx
gamelift.<REGION>.amazonaws.com Amazon GameLift
glue.<REGION>.amazonaws.com AWS Glue
inspector.<REGION>.amazonaws.com Amazon Inspector
kafka.<REGION>.amazonaws.com Amazon Managed Streaming for Kafka
models.lex.<REGION>.amazonaws.com Amazon Lex
logs.<REGION>.amazonaws.com Amazon CloudWatch Logs
api.mediatailor.<REGION>.amazonaws.com AWS Elemental MediaTailor
mediaconnect.<REGION>.amazonaws.com AWS Elemental MediaConnect
mediapackage.<REGION>.amazonaws.com AWS Elemental MediaPackage Live
mediapackage-vod.<REGION>.amazonaws.com AWS Elemental MediaPackage Video on Demand
opsworks.<REGION>.amazonaws.com AWS OpsWorks
qldb.<REGION>.amazonaws.com Amazon QLDB
redshift.<REGION>.amazonaws.com Amazon Redshift
robomaker.<REGION>.amazonaws.com AWS RoboMaker
route53.amazonaws.com Amazon Route 53
route53resolver.<REGION>.amazonaws.com Amazon Route 53 Resolver
api.sagemaker.<REGION>.amazonaws.com Amazon SageMaker Endpoints, Amazon SageMaker Endpoint Instances
sns.<REGION>.amazonaws.com Amazon Simple Notification Service (SNS)
sqs.<REGION>.amazonaws.com Amazon Simple Queue Service (SQS)
storagegateway.<REGION>.amazonaws.com AWS Storage Gateway
swf.<REGION>.amazonaws.com Amazon SWF
transfer.<REGION>.amazonaws.com AWS Transfer Family
workmail.<REGION>.amazonaws.com Amazon WorkMail
workspaces.<REGION>.amazonaws.com Amazon WorkSpaces

Enable monitoring

To learn how to enable service monitoring, see Enable service monitoring.

View service metrics

You can view the service metrics in your Dynatrace environment either on the custom device overview page or on your Dashboards page.

View metrics on the custom device overview page

To access the custom device overview page

  1. Go to Technologies Technologies & Processes Classic.
  2. Filter by service name and select the relevant custom device group.
  3. Once you select the custom device group, you're on the custom device group overview page.
  4. The custom device group overview page lists all instances (custom devices) belonging to the group. Select an instance to view the custom device overview page.

View metrics on your dashboard

After you add the service to monitoring, a preset dashboard containing all recommended metrics is automatically listed on your Dashboards page. To look for specific dashboards, filter by Preset and then by Name.

AWS presets

For existing monitored services, you might need to resave your credentials for the preset dashboard to appear on the Dashboards page. To resave your credentials, go to Settings > Cloud and virtualization > AWS, select the desired AWS instance, and then select Save.

You can't make changes on a preset dashboard directly, but you can clone and edit it. To clone a dashboard, open the browse menu (…) and select Clone.

To remove a dashboard from the dashboards page, you can hide it. To hide a dashboard, open the browse menu (…) and select Hide.

Hiding a dashboard doesn't affect other users.

Clone hide AWS

To check the availability of preset dashboards for each AWS service, see the list below.

Preset dashboard availability list

AWS service Preset dashboard
Amazon EC2 Auto Scaling (built-in) Not applicable
AWS Lambda (built-in) Not applicable
Amazon Application and Network Load Balancer (built-in) Not applicable
Amazon DynamoDB (built-in) Not applicable
Amazon EBS (built-in) Not applicable
Amazon EC2 (built-in) Not applicable
Amazon Elastic Load Balancer (ELB) (built-in) Not applicable
Amazon RDS (built-in) Not applicable
Amazon S3 (built-in) Not applicable
AWS Certificate Manager Private Certificate Authority Not applicable
All monitored Amazon services Not applicable
Amazon API Gateway Not applicable
AWS App Runner Not applicable
Amazon AppStream Applicable
AWS AppSync Applicable
Amazon Athena Applicable
Amazon Aurora Not applicable
Amazon EC2 Auto Scaling Applicable
AWS Billing Applicable
Amazon Keyspaces Applicable
AWS Chatbot Applicable
Amazon CloudFront Not applicable
AWS CloudHSM Applicable
Amazon CloudSearch Applicable
AWS CodeBuild Applicable
Amazon Cognito Not applicable
Amazon Connect Applicable
AWS DataSync Applicable
Amazon DynamoDB Accelerator (DAX) Applicable
AWS Database Migration Service (AWS DMS) Applicable
Amazon DocumentDB Applicable
AWS Direct Connect Applicable
Amazon DynamoDB Not applicable
Amazon EBS Not applicable
Amazon EC2 Spot Fleet Not applicable
Amazon EC2 API Applicable
Amazon Elastic Container Service (ECS) Not applicable
Amazon ECS Container Insights Applicable
Amazon Elastic File System (EFS) Not applicable
Amazon Elastic Kubernetes Service (EKS) Applicable
Amazon ElastiCache (EC) Not applicable
AWS Elastic Beanstalk Applicable
Amazon Elastic Inference Applicable
Amazon Elastic Transcoder Applicable
Amazon Elastic Map Reduce (EMR) Not applicable
Amazon Elasticsearch Service (ES) Not applicable
Amazon EventBridge Applicable
Amazon FSx Applicable
Amazon GameLift Applicable
AWS Glue Not applicable
Amazon Inspector Applicable
AWS Internet of Things (IoT) Not applicable
AWS IoT Things Graph Applicable
AWS IoT Analytics Applicable
Amazon Managed Streaming for Kafka Applicable
Amazon Kinesis Data Analytics Not applicable
Amazon Data Firehose Not applicable
Amazon Kinesis Data Streams Not applicable
Amazon Kinesis Video Streams Not applicable
AWS Lambda Not applicable
Amazon Lex Applicable
Amazon CloudWatch Logs Applicable
AWS Elemental MediaTailor Applicable
AWS Elemental MediaConnect Applicable
AWS Elemental MediaConvert Applicable
AWS Elemental MediaPackage Live Applicable
AWS Elemental MediaPackage Video on Demand Applicable
Amazon MQ Applicable
Amazon VPC NAT Gateways Not applicable
Amazon Neptune Applicable
AWS OpsWorks Applicable
Amazon Polly Applicable
Amazon QLDB Applicable
Amazon RDS Not applicable
Amazon Redshift Not applicable
Amazon Rekognition Applicable
AWS RoboMaker Applicable
Amazon Route 53 Applicable
Amazon Route 53 Resolver Applicable
Amazon S3 Not applicable
Amazon SageMaker Batch Transform Jobs Not applicable
Amazon SageMaker Endpoints Not applicable
Amazon SageMaker Endpoint Instances Not applicable
Amazon SageMaker Ground Truth Not applicable
Amazon SageMaker Processing Jobs Not applicable
Amazon SageMaker Training Jobs Not applicable
AWS Service Catalog Applicable
Amazon Simple Email Service (SES) Not applicable
Amazon Simple Notification Service (SNS) Not applicable
Amazon Simple Queue Service (SQS) Not applicable
AWS Systems Manager - Run Command Applicable
AWS Step Functions Applicable
AWS Storage Gateway Applicable
Amazon SWF Applicable
Amazon Textract Applicable
AWS Transfer Family Applicable
AWS Transit Gateway Applicable
Amazon Translate Applicable
AWS Trusted Advisor Applicable
AWS API Usage Applicable
AWS Site-to-Site VPN Applicable
AWS WAF Classic Applicable
AWS WAF Applicable
Amazon WorkMail Applicable
Amazon WorkSpaces Applicable

AWS vpn

Available metrics

VpnId is the main dimension.

Name Description Unit Statistics Dimensions Recommended
TunnelDataIn The bytes received through the VPN tunnel Bytes Sum VpnId Applicable
TunnelDataIn Bytes Sum Region Applicable
TunnelDataIn Bytes Sum Region, TunnelIpAddress
TunnelDataOut The bytes sent through the VPN tunnel Bytes Sum VpnId Applicable
TunnelDataOut Bytes Sum Region Applicable
TunnelDataOut Bytes Sum Region, TunnelIpAddress
TunnelState The state of the tunnel. For static VPNs, 0 indicates DOWN and 1 indicates UP. For BGP VPNs, 1 indicates ESTABLISHED and 0 is used for all other states Count Multi Region Applicable
TunnelState Count Multi Region, TunnelIpAddress
TunnelState Count Multi VpnId Applicable

Source: aws-service-step-functions.md


title: AWS Step Functions monitoring source: https://www.dynatrace.com/docs/ingest-from/amazon-web-services/integrate-with-aws/aws-all-services/aws-service-step-functions scraped: 2026-02-15T21:29:21.606384


AWS Step Functions monitoring

AWS Step Functions monitoring

  • How-to guide
  • 5-min read
  • Published Jul 06, 2020

Dynatrace ingests metrics for multiple preselected namespaces, including AWS Step Functions. You can view metrics for each service instance, split metrics into multiple dimensions, and create custom charts that you can pin to your dashboards.

Prerequisites

To enable monitoring for this service, you need

  • ActiveGate version 1.197+

  • For Dynatrace SaaS deployments, you need an Environment ActiveGate or a Multi-environment ActiveGate.

For role-based access in SaaS deployment, you need an Environment ActiveGate installed on an Amazon EC2 host.

To update the AWS IAM policy, use the JSON below, containing the monitoring policy (permissions) for all supporting services.

JSON predefined policy for all supporting services

{



"Version": "2012-10-17",



"Statement": [



{



"Sid": "VisualEditor0",



"Effect": "Allow",



"Action": [



"acm-pca:ListCertificateAuthorities",



"apigateway:GET",



"apprunner:ListServices",



"appstream:DescribeFleets",



"appsync:ListGraphqlApis",



"athena:ListWorkGroups",



"autoscaling:DescribeAutoScalingGroups",



"cloudformation:ListStackResources",



"cloudfront:ListDistributions",



"cloudhsm:DescribeClusters",



"cloudsearch:DescribeDomains",



"cloudwatch:GetMetricData",



"cloudwatch:GetMetricStatistics",



"cloudwatch:ListMetrics",



"codebuild:ListProjects",



"datasync:ListTasks",



"dax:DescribeClusters",



"directconnect:DescribeConnections",



"dms:DescribeReplicationInstances",



"dynamodb:ListTables",



"dynamodb:ListTagsOfResource",



"ec2:DescribeAvailabilityZones",



"ec2:DescribeInstances",



"ec2:DescribeNatGateways",



"ec2:DescribeSpotFleetRequests",



"ec2:DescribeTransitGateways",



"ec2:DescribeVolumes",



"ec2:DescribeVpnConnections",



"ecs:ListClusters",



"eks:ListClusters",



"elasticache:DescribeCacheClusters",



"elasticbeanstalk:DescribeEnvironmentResources",



"elasticbeanstalk:DescribeEnvironments",



"elasticfilesystem:DescribeFileSystems",



"elasticloadbalancing:DescribeInstanceHealth",



"elasticloadbalancing:DescribeListeners",



"elasticloadbalancing:DescribeLoadBalancers",



"elasticloadbalancing:DescribeRules",



"elasticloadbalancing:DescribeTags",



"elasticloadbalancing:DescribeTargetHealth",



"elasticmapreduce:ListClusters",



"elastictranscoder:ListPipelines",



"es:ListDomainNames",



"events:ListEventBuses",



"firehose:ListDeliveryStreams",



"fsx:DescribeFileSystems",



"gamelift:ListFleets",



"glue:GetJobs",



"inspector:ListAssessmentTemplates",



"kafka:ListClusters",



"kinesis:ListStreams",



"kinesisanalytics:ListApplications",



"kinesisvideo:ListStreams",



"lambda:ListFunctions",



"lambda:ListTags",



"lex:GetBots",



"logs:DescribeLogGroups",



"mediaconnect:ListFlows",



"mediaconvert:DescribeEndpoints",



"mediapackage-vod:ListPackagingConfigurations",



"mediapackage:ListChannels",



"mediatailor:ListPlaybackConfigurations",



"opsworks:DescribeStacks",



"qldb:ListLedgers",



"rds:DescribeDBClusters",



"rds:DescribeDBInstances",



"rds:DescribeEvents",



"rds:ListTagsForResource",



"redshift:DescribeClusters",



"robomaker:ListSimulationJobs",



"route53:ListHostedZones",



"route53resolver:ListResolverEndpoints",



"s3:ListAllMyBuckets",



"sagemaker:ListEndpoints",



"sns:ListTopics",



"sqs:ListQueues",



"storagegateway:ListGateways",



"sts:GetCallerIdentity",



"swf:ListDomains",



"tag:GetResources",



"tag:GetTagKeys",



"transfer:ListServers",



"workmail:ListOrganizations",



"workspaces:DescribeWorkspaces"



],



"Resource": "*"



}



]



}

If you don't want to add permissions to all services, and just select permissions for certain services, consult the table below. The table contains a set of permissions that are required for All AWS cloud services and, for each supporting service, a list of optional permissions specific to that service.

Permissions required for AWS monitoring integration:

  • "cloudwatch:GetMetricData"
  • "cloudwatch:GetMetricStatistics"
  • "cloudwatch:ListMetrics"
  • "sts:GetCallerIdentity"
  • "tag:GetResources"
  • "tag:GetTagKeys"
  • "ec2:DescribeAvailabilityZones"

Complete list of permissions for cloud services

Name Permissions
All monitored Amazon services Required cloudwatch:GetMetricData, cloudwatch:GetMetricStatistics, cloudwatch:ListMetrics, sts:GetCallerIdentity, tag:GetResources, tag:GetTagKeys, ec2:DescribeAvailabilityZones
AWS Certificate Manager Private Certificate Authority acm-pca:ListCertificateAuthorities
Amazon MQ
Amazon API Gateway apigateway:GET
AWS App Runner apprunner:ListServices
Amazon AppStream appstream:DescribeFleets
AWS AppSync appsync:ListGraphqlApis
Amazon Athena athena:ListWorkGroups
Amazon Aurora rds:DescribeDBClusters
Amazon EC2 Auto Scaling autoscaling:DescribeAutoScalingGroups
Amazon EC2 Auto Scaling (built-in) autoscaling:DescribeAutoScalingGroups
AWS Billing
Amazon Keyspaces
AWS Chatbot
Amazon CloudFront cloudfront:ListDistributions
AWS CloudHSM cloudhsm:DescribeClusters
Amazon CloudSearch cloudsearch:DescribeDomains
AWS CodeBuild codebuild:ListProjects
Amazon Cognito
Amazon Connect
Amazon Elastic Kubernetes Service (EKS) eks:ListClusters
AWS DataSync datasync:ListTasks
Amazon DynamoDB Accelerator (DAX) dax:DescribeClusters
AWS Database Migration Service (AWS DMS) dms:DescribeReplicationInstances
Amazon DocumentDB rds:DescribeDBClusters
AWS Direct Connect directconnect:DescribeConnections
Amazon DynamoDB dynamodb:ListTables
Amazon DynamoDB (built-in) dynamodb:ListTables, dynamodb:ListTagsOfResource
Amazon EBS ec2:DescribeVolumes
Amazon EBS (built-in) ec2:DescribeVolumes
Amazon EC2 API
Amazon EC2 (built-in) ec2:DescribeInstances
Amazon EC2 Spot Fleet ec2:DescribeSpotFleetRequests
Amazon Elastic Container Service (ECS) ecs:ListClusters
Amazon ECS Container Insights ecs:ListClusters
Amazon ElastiCache (EC) elasticache:DescribeCacheClusters
AWS Elastic Beanstalk elasticbeanstalk:DescribeEnvironments
Amazon Elastic File System (EFS) elasticfilesystem:DescribeFileSystems
Amazon Elastic Inference
Amazon Elastic Map Reduce (EMR) elasticmapreduce:ListClusters
Amazon Elasticsearch Service (ES) es:ListDomainNames
Amazon Elastic Transcoder elastictranscoder:ListPipelines
Amazon Elastic Load Balancer (ELB) (built-in) elasticloadbalancing:DescribeInstanceHealth, elasticloadbalancing:DescribeListeners, elasticloadbalancing:DescribeLoadBalancers, elasticloadbalancing:DescribeRules, elasticloadbalancing:DescribeTags, elasticloadbalancing:DescribeTargetHealth
Amazon EventBridge events:ListEventBuses
Amazon FSx fsx:DescribeFileSystems
Amazon GameLift gamelift:ListFleets
AWS Glue glue:GetJobs
Amazon Inspector inspector:ListAssessmentTemplates
AWS Internet of Things (IoT)
AWS IoT Analytics
Amazon Managed Streaming for Kafka kafka:ListClusters
Amazon Kinesis Data Analytics kinesisanalytics:ListApplications
Amazon Data Firehose firehose:ListDeliveryStreams
Amazon Kinesis Data Streams kinesis:ListStreams
Amazon Kinesis Video Streams kinesisvideo:ListStreams
AWS Lambda lambda:ListFunctions
AWS Lambda (built-in) lambda:ListFunctions, lambda:ListTags
Amazon Lex lex:GetBots
Amazon Application and Network Load Balancer (built-in) elasticloadbalancing:DescribeInstanceHealth, elasticloadbalancing:DescribeListeners, elasticloadbalancing:DescribeLoadBalancers, elasticloadbalancing:DescribeRules, elasticloadbalancing:DescribeTags, elasticloadbalancing:DescribeTargetHealth
Amazon CloudWatch Logs logs:DescribeLogGroups
AWS Elemental MediaConnect mediaconnect:ListFlows
AWS Elemental MediaConvert mediaconvert:DescribeEndpoints
AWS Elemental MediaPackage Live mediapackage:ListChannels
AWS Elemental MediaPackage Video on Demand mediapackage-vod:ListPackagingConfigurations
AWS Elemental MediaTailor mediatailor:ListPlaybackConfigurations
Amazon VPC NAT Gateways ec2:DescribeNatGateways
Amazon Neptune rds:DescribeDBClusters
AWS OpsWorks opsworks:DescribeStacks
Amazon Polly
Amazon QLDB qldb:ListLedgers
Amazon RDS rds:DescribeDBInstances
Amazon RDS (built-in) rds:DescribeDBInstances, rds:DescribeEvents, rds:ListTagsForResource
Amazon Redshift redshift:DescribeClusters
Amazon Rekognition
AWS RoboMaker robomaker:ListSimulationJobs
Amazon Route 53 route53:ListHostedZones
Amazon Route 53 Resolver route53resolver:ListResolverEndpoints
Amazon S3 s3:ListAllMyBuckets
Amazon S3 (built-in) s3:ListAllMyBuckets
Amazon SageMaker Batch Transform Jobs
Amazon SageMaker Endpoint Instances sagemaker:ListEndpoints
Amazon SageMaker Endpoints sagemaker:ListEndpoints
Amazon SageMaker Ground Truth
Amazon SageMaker Processing Jobs
Amazon SageMaker Training Jobs
AWS Service Catalog
Amazon Simple Email Service (SES)
Amazon Simple Notification Service (SNS) sns:ListTopics
Amazon Simple Queue Service (SQS) sqs:ListQueues
AWS Systems Manager - Run Command
AWS Step Functions
AWS Storage Gateway storagegateway:ListGateways
Amazon SWF swf:ListDomains
Amazon Textract
AWS IoT Things Graph
AWS Transfer Family transfer:ListServers
AWS Transit Gateway ec2:DescribeTransitGateways
Amazon Translate
AWS Trusted Advisor
AWS API Usage
AWS Site-to-Site VPN ec2:DescribeVpnConnections
AWS WAF Classic
AWS WAF
Amazon WorkMail workmail:ListOrganizations
Amazon WorkSpaces workspaces:DescribeWorkspaces

Example of JSON policy for one single service.

JSON policy for Amazon API Gateway

{



"Version": "2012-10-17",



"Statement": [



{



"Sid": "VisualEditor0",



"Effect": "Allow",



"Action": [



"apigateway:GET",



"cloudwatch:GetMetricData",



"cloudwatch:GetMetricStatistics",



"cloudwatch:ListMetrics",



"sts:GetCallerIdentity",



"tag:GetResources",



"tag:GetTagKeys",



"ec2:DescribeAvailabilityZones"



],



"Resource": "*"



}



]



}

In this example, from the complete list of permissions you need to select

  • "apigateway:GET" for Amazon API Gateway
  • "cloudwatch:GetMetricData", "cloudwatch:GetMetricStatistics", "cloudwatch:ListMetrics", "sts:GetCallerIdentity", "tag:GetResources", "tag:GetTagKeys", and "ec2:DescribeAvailabilityZones" for All AWS cloud services.

Enable monitoring

To learn how to enable service monitoring, see Enable service monitoring.

View service metrics

You can view the service metrics in your Dynatrace environment either on the custom device overview page or on your Dashboards page.

View metrics on the custom device overview page

To access the custom device overview page

  1. Go to Technologies Technologies & Processes Classic.
  2. Filter by service name and select the relevant custom device group.
  3. Once you select the custom device group, you're on the custom device group overview page.
  4. The custom device group overview page lists all instances (custom devices) belonging to the group. Select an instance to view the custom device overview page.

View metrics on your dashboard

After you add the service to monitoring, a preset dashboard containing all recommended metrics is automatically listed on your Dashboards page. To look for specific dashboards, filter by Preset and then by Name.

AWS presets

For existing monitored services, you might need to resave your credentials for the preset dashboard to appear on the Dashboards page. To resave your credentials, go to Settings > Cloud and virtualization > AWS, select the desired AWS instance, and then select Save.

You can't make changes on a preset dashboard directly, but you can clone and edit it. To clone a dashboard, open the browse menu (…) and select Clone.

To remove a dashboard from the dashboards page, you can hide it. To hide a dashboard, open the browse menu (…) and select Hide.

Hiding a dashboard doesn't affect other users.

Clone hide AWS

To check the availability of preset dashboards for each AWS service, see the list below.

Preset dashboard availability list

AWS service Preset dashboard
Amazon EC2 Auto Scaling (built-in) Not applicable
AWS Lambda (built-in) Not applicable
Amazon Application and Network Load Balancer (built-in) Not applicable
Amazon DynamoDB (built-in) Not applicable
Amazon EBS (built-in) Not applicable
Amazon EC2 (built-in) Not applicable
Amazon Elastic Load Balancer (ELB) (built-in) Not applicable
Amazon RDS (built-in) Not applicable
Amazon S3 (built-in) Not applicable
AWS Certificate Manager Private Certificate Authority Not applicable
All monitored Amazon services Not applicable
Amazon API Gateway Not applicable
AWS App Runner Not applicable
Amazon AppStream Applicable
AWS AppSync Applicable
Amazon Athena Applicable
Amazon Aurora Not applicable
Amazon EC2 Auto Scaling Applicable
AWS Billing Applicable
Amazon Keyspaces Applicable
AWS Chatbot Applicable
Amazon CloudFront Not applicable
AWS CloudHSM Applicable
Amazon CloudSearch Applicable
AWS CodeBuild Applicable
Amazon Cognito Not applicable
Amazon Connect Applicable
AWS DataSync Applicable
Amazon DynamoDB Accelerator (DAX) Applicable
AWS Database Migration Service (AWS DMS) Applicable
Amazon DocumentDB Applicable
AWS Direct Connect Applicable
Amazon DynamoDB Not applicable
Amazon EBS Not applicable
Amazon EC2 Spot Fleet Not applicable
Amazon EC2 API Applicable
Amazon Elastic Container Service (ECS) Not applicable
Amazon ECS Container Insights Applicable
Amazon Elastic File System (EFS) Not applicable
Amazon Elastic Kubernetes Service (EKS) Applicable
Amazon ElastiCache (EC) Not applicable
AWS Elastic Beanstalk Applicable
Amazon Elastic Inference Applicable
Amazon Elastic Transcoder Applicable
Amazon Elastic Map Reduce (EMR) Not applicable
Amazon Elasticsearch Service (ES) Not applicable
Amazon EventBridge Applicable
Amazon FSx Applicable
Amazon GameLift Applicable
AWS Glue Not applicable
Amazon Inspector Applicable
AWS Internet of Things (IoT) Not applicable
AWS IoT Things Graph Applicable
AWS IoT Analytics Applicable
Amazon Managed Streaming for Kafka Applicable
Amazon Kinesis Data Analytics Not applicable
Amazon Data Firehose Not applicable
Amazon Kinesis Data Streams Not applicable
Amazon Kinesis Video Streams Not applicable
AWS Lambda Not applicable
Amazon Lex Applicable
Amazon CloudWatch Logs Applicable
AWS Elemental MediaTailor Applicable
AWS Elemental MediaConnect Applicable
AWS Elemental MediaConvert Applicable
AWS Elemental MediaPackage Live Applicable
AWS Elemental MediaPackage Video on Demand Applicable
Amazon MQ Applicable
Amazon VPC NAT Gateways Not applicable
Amazon Neptune Applicable
AWS OpsWorks Applicable
Amazon Polly Applicable
Amazon QLDB Applicable
Amazon RDS Not applicable
Amazon Redshift Not applicable
Amazon Rekognition Applicable
AWS RoboMaker Applicable
Amazon Route 53 Applicable
Amazon Route 53 Resolver Applicable
Amazon S3 Not applicable
Amazon SageMaker Batch Transform Jobs Not applicable
Amazon SageMaker Endpoints Not applicable
Amazon SageMaker Endpoint Instances Not applicable
Amazon SageMaker Ground Truth Not applicable
Amazon SageMaker Processing Jobs Not applicable
Amazon SageMaker Training Jobs Not applicable
AWS Service Catalog Applicable
Amazon Simple Email Service (SES) Not applicable
Amazon Simple Notification Service (SNS) Not applicable
Amazon Simple Queue Service (SQS) Not applicable
AWS Systems Manager - Run Command Applicable
AWS Step Functions Applicable
AWS Storage Gateway Applicable
Amazon SWF Applicable
Amazon Textract Applicable
AWS Transfer Family Applicable
AWS Transit Gateway Applicable
Amazon Translate Applicable
AWS Trusted Advisor Applicable
AWS API Usage Applicable
AWS Site-to-Site VPN Applicable
AWS WAF Classic Applicable
AWS WAF Applicable
Amazon WorkMail Applicable
Amazon WorkSpaces Applicable

Step

Available metrics

Name Description Unit Statistics Dimensions Recommended
ActivitiesFailed The number of failed activities Count Sum Region, ActivityArn Applicable
ActivitiesHeartbeatTimedOut The number of activities that time out due to a heartbeat timeout Count Sum Region, ActivityArn Applicable
ActivitiesScheduled The number of scheduled activities Count Sum Region, ActivityArn Applicable
ActivitiesStarted The number of started activities Count Sum Region, ActivityArn
ActivitiesSucceeded The number of successfully completed activities Count Sum Region, ActivityArn Applicable
ActivitiesTimedOut The number of activities that time out on close Count Sum Region, ActivityArn Applicable
ActivityRunTime The interval, in milliseconds, between the time the activity starts and the time it closes Milliseconds Multi Region, ActivityArn Applicable
ActivityScheduleTime The interval, in milliseconds, for which the activity stays in the schedule state Milliseconds Multi Region, ActivityArn
ActivityTime The interval, in milliseconds, between the time the activity is scheduled and the time it closes Milliseconds Multi Region, ActivityArn
ConsumedCapacity The count of requests per second Count Sum Region, ServiceMetric Applicable
ConsumedCapacity Count Sum Region, APIName Applicable
ExecutionThrottled The number of StateEntered events and retries that have been throttled Count Sum Region, StateMachineArn Applicable
ExecutionTime The interval, in milliseconds, between the time the execution starts and the time it closes Milliseconds Multi Region, StateMachineArn Applicable
ExecutionsAborted The number of aborted or terminated executions Count Sum Region, StateMachineArn Applicable
ExecutionsFailed The number of failed executions Count Sum Region, StateMachineArn Applicable
ExecutionsStarted The number of started executions Count Sum Region, StateMachineArn Applicable
ExecutionsSucceeded The number of successfully completed executions Count Sum Region, StateMachineArn Applicable
ExecutionsTimedOut The number of executions that time out for any reason Count Sum Region, StateMachineArn Applicable
LambdaFunctionRunTime The interval, in milliseconds, between the time the Lambda function starts and the time it closes Milliseconds Multi Region, LambdaFunctionArn Applicable
LambdaFunctionScheduleTime The interval, in milliseconds, for which the Lambda function stays in the schedule state Milliseconds Multi Region, LambdaFunctionArn
LambdaFunctionTime The interval, in milliseconds, between the time the Lambda function is scheduled and the time it closes Milliseconds Multi Region, LambdaFunctionArn
LambdaFunctionsFailed The number of failed Lambda functions Count Sum Region, LambdaFunctionArn Applicable
LambdaFunctionsScheduled The number of scheduled Lambda functions Count Sum Region, LambdaFunctionArn Applicable
LambdaFunctionsStarted The number of started Lambda functions Count Sum Region, LambdaFunctionArn
LambdaFunctionsSucceeded The number of successfully completed Lambda functions Count Sum Region, LambdaFunctionArn Applicable
LambdaFunctionsTimedOut The number of Lambda functions that time out on close Count Sum Region, LambdaFunctionArn Applicable
ProvisionedBucketSize The count of available requests per second Count Multi Region, ServiceMetric
ProvisionedBucketSize Count Multi Region, APIName
ProvisionedRefillRate The count of requests per second that are allowed into the bucket Count Multi Region, ServiceMetric
ProvisionedRefillRate Count Multi Region, APIName
ServiceIntegrationRunTime The interval, in milliseconds, between the time the service task starts and the time it closes Milliseconds Multi Region, ServiceIntegrationResourceArn Applicable
ServiceIntegrationScheduleTime The interval, in milliseconds, for which the service task stays in the schedule state Milliseconds Multi Region, ServiceIntegrationResourceArn
ServiceIntegrationTime The interval, in milliseconds, between the time the service task is scheduled and the time it closes Milliseconds Multi Region, ServiceIntegrationResourceArn
ServiceIntegrationsFailed The number of failed service tasks Count Sum Region, ServiceIntegrationResourceArn Applicable
ServiceIntegrationsScheduled The number of scheduled service tasks. Count Sum Region, ServiceIntegrationResourceArn Applicable
ServiceIntegrationsStarted The number of started service tasks Count Sum Region, ServiceIntegrationResourceArn
ServiceIntegrationsSucceeded The number of successfully completed service tasks Count Sum Region, ServiceIntegrationResourceArn Applicable
ServiceIntegrationsTimedOut The number of service tasks that time out on close Count Sum Region, ServiceIntegrationResourceArn Applicable
ThrottledEvents The count of requests that have been throttled Count Sum Region, ServiceMetric Applicable
ThrottledEvents Count Sum Region, APIName Applicable

Limitations

Dynatrace gathers metrics for AWS Step Functions at the custom device group level instead of the custom device level (metrics are service-wide).


Source: aws-service-storage-gateway.md


title: AWS Storage Gateway monitoring source: https://www.dynatrace.com/docs/ingest-from/amazon-web-services/integrate-with-aws/aws-all-services/aws-service-storage-gateway scraped: 2026-02-15T09:13:09.758595


AWS Storage Gateway monitoring

AWS Storage Gateway monitoring

  • How-to guide
  • 6-min read
  • Published Jul 06, 2020

Dynatrace ingests metrics for multiple preselected namespaces, including AWS Storage Gateway. You can view metrics for each service instance, split metrics into multiple dimensions, and create custom charts that you can pin to your dashboards.

Prerequisites

To enable monitoring for this service, you need

  • ActiveGate version 1.197+

  • For Dynatrace SaaS deployments, you need an Environment ActiveGate or a Multi-environment ActiveGate.

For role-based access in SaaS deployment, you need an Environment ActiveGate installed on an Amazon EC2 host.

To update the AWS IAM policy, use the JSON below, containing the monitoring policy (permissions) for all supporting services.

JSON predefined policy for all supporting services

{



"Version": "2012-10-17",



"Statement": [



{



"Sid": "VisualEditor0",



"Effect": "Allow",



"Action": [



"acm-pca:ListCertificateAuthorities",



"apigateway:GET",



"apprunner:ListServices",



"appstream:DescribeFleets",



"appsync:ListGraphqlApis",



"athena:ListWorkGroups",



"autoscaling:DescribeAutoScalingGroups",



"cloudformation:ListStackResources",



"cloudfront:ListDistributions",



"cloudhsm:DescribeClusters",



"cloudsearch:DescribeDomains",



"cloudwatch:GetMetricData",



"cloudwatch:GetMetricStatistics",



"cloudwatch:ListMetrics",



"codebuild:ListProjects",



"datasync:ListTasks",



"dax:DescribeClusters",



"directconnect:DescribeConnections",



"dms:DescribeReplicationInstances",



"dynamodb:ListTables",



"dynamodb:ListTagsOfResource",



"ec2:DescribeAvailabilityZones",



"ec2:DescribeInstances",



"ec2:DescribeNatGateways",



"ec2:DescribeSpotFleetRequests",



"ec2:DescribeTransitGateways",



"ec2:DescribeVolumes",



"ec2:DescribeVpnConnections",



"ecs:ListClusters",



"eks:ListClusters",



"elasticache:DescribeCacheClusters",



"elasticbeanstalk:DescribeEnvironmentResources",



"elasticbeanstalk:DescribeEnvironments",



"elasticfilesystem:DescribeFileSystems",



"elasticloadbalancing:DescribeInstanceHealth",



"elasticloadbalancing:DescribeListeners",



"elasticloadbalancing:DescribeLoadBalancers",



"elasticloadbalancing:DescribeRules",



"elasticloadbalancing:DescribeTags",



"elasticloadbalancing:DescribeTargetHealth",



"elasticmapreduce:ListClusters",



"elastictranscoder:ListPipelines",



"es:ListDomainNames",



"events:ListEventBuses",



"firehose:ListDeliveryStreams",



"fsx:DescribeFileSystems",



"gamelift:ListFleets",



"glue:GetJobs",



"inspector:ListAssessmentTemplates",



"kafka:ListClusters",



"kinesis:ListStreams",



"kinesisanalytics:ListApplications",



"kinesisvideo:ListStreams",



"lambda:ListFunctions",



"lambda:ListTags",



"lex:GetBots",



"logs:DescribeLogGroups",



"mediaconnect:ListFlows",



"mediaconvert:DescribeEndpoints",



"mediapackage-vod:ListPackagingConfigurations",



"mediapackage:ListChannels",



"mediatailor:ListPlaybackConfigurations",



"opsworks:DescribeStacks",



"qldb:ListLedgers",



"rds:DescribeDBClusters",



"rds:DescribeDBInstances",



"rds:DescribeEvents",



"rds:ListTagsForResource",



"redshift:DescribeClusters",



"robomaker:ListSimulationJobs",



"route53:ListHostedZones",



"route53resolver:ListResolverEndpoints",



"s3:ListAllMyBuckets",



"sagemaker:ListEndpoints",



"sns:ListTopics",



"sqs:ListQueues",



"storagegateway:ListGateways",



"sts:GetCallerIdentity",



"swf:ListDomains",



"tag:GetResources",



"tag:GetTagKeys",



"transfer:ListServers",



"workmail:ListOrganizations",



"workspaces:DescribeWorkspaces"



],



"Resource": "*"



}



]



}

If you don't want to add permissions to all services, and just select permissions for certain services, consult the table below. The table contains a set of permissions that are required for All AWS cloud services and, for each supporting service, a list of optional permissions specific to that service.

Permissions required for AWS monitoring integration:

  • "cloudwatch:GetMetricData"
  • "cloudwatch:GetMetricStatistics"
  • "cloudwatch:ListMetrics"
  • "sts:GetCallerIdentity"
  • "tag:GetResources"
  • "tag:GetTagKeys"
  • "ec2:DescribeAvailabilityZones"

Complete list of permissions for cloud services

Name Permissions
All monitored Amazon services Required cloudwatch:GetMetricData, cloudwatch:GetMetricStatistics, cloudwatch:ListMetrics, sts:GetCallerIdentity, tag:GetResources, tag:GetTagKeys, ec2:DescribeAvailabilityZones
AWS Certificate Manager Private Certificate Authority acm-pca:ListCertificateAuthorities
Amazon MQ
Amazon API Gateway apigateway:GET
AWS App Runner apprunner:ListServices
Amazon AppStream appstream:DescribeFleets
AWS AppSync appsync:ListGraphqlApis
Amazon Athena athena:ListWorkGroups
Amazon Aurora rds:DescribeDBClusters
Amazon EC2 Auto Scaling autoscaling:DescribeAutoScalingGroups
Amazon EC2 Auto Scaling (built-in) autoscaling:DescribeAutoScalingGroups
AWS Billing
Amazon Keyspaces
AWS Chatbot
Amazon CloudFront cloudfront:ListDistributions
AWS CloudHSM cloudhsm:DescribeClusters
Amazon CloudSearch cloudsearch:DescribeDomains
AWS CodeBuild codebuild:ListProjects
Amazon Cognito
Amazon Connect
Amazon Elastic Kubernetes Service (EKS) eks:ListClusters
AWS DataSync datasync:ListTasks
Amazon DynamoDB Accelerator (DAX) dax:DescribeClusters
AWS Database Migration Service (AWS DMS) dms:DescribeReplicationInstances
Amazon DocumentDB rds:DescribeDBClusters
AWS Direct Connect directconnect:DescribeConnections
Amazon DynamoDB dynamodb:ListTables
Amazon DynamoDB (built-in) dynamodb:ListTables, dynamodb:ListTagsOfResource
Amazon EBS ec2:DescribeVolumes
Amazon EBS (built-in) ec2:DescribeVolumes
Amazon EC2 API
Amazon EC2 (built-in) ec2:DescribeInstances
Amazon EC2 Spot Fleet ec2:DescribeSpotFleetRequests
Amazon Elastic Container Service (ECS) ecs:ListClusters
Amazon ECS Container Insights ecs:ListClusters
Amazon ElastiCache (EC) elasticache:DescribeCacheClusters
AWS Elastic Beanstalk elasticbeanstalk:DescribeEnvironments
Amazon Elastic File System (EFS) elasticfilesystem:DescribeFileSystems
Amazon Elastic Inference
Amazon Elastic Map Reduce (EMR) elasticmapreduce:ListClusters
Amazon Elasticsearch Service (ES) es:ListDomainNames
Amazon Elastic Transcoder elastictranscoder:ListPipelines
Amazon Elastic Load Balancer (ELB) (built-in) elasticloadbalancing:DescribeInstanceHealth, elasticloadbalancing:DescribeListeners, elasticloadbalancing:DescribeLoadBalancers, elasticloadbalancing:DescribeRules, elasticloadbalancing:DescribeTags, elasticloadbalancing:DescribeTargetHealth
Amazon EventBridge events:ListEventBuses
Amazon FSx fsx:DescribeFileSystems
Amazon GameLift gamelift:ListFleets
AWS Glue glue:GetJobs
Amazon Inspector inspector:ListAssessmentTemplates
AWS Internet of Things (IoT)
AWS IoT Analytics
Amazon Managed Streaming for Kafka kafka:ListClusters
Amazon Kinesis Data Analytics kinesisanalytics:ListApplications
Amazon Data Firehose firehose:ListDeliveryStreams
Amazon Kinesis Data Streams kinesis:ListStreams
Amazon Kinesis Video Streams kinesisvideo:ListStreams
AWS Lambda lambda:ListFunctions
AWS Lambda (built-in) lambda:ListFunctions, lambda:ListTags
Amazon Lex lex:GetBots
Amazon Application and Network Load Balancer (built-in) elasticloadbalancing:DescribeInstanceHealth, elasticloadbalancing:DescribeListeners, elasticloadbalancing:DescribeLoadBalancers, elasticloadbalancing:DescribeRules, elasticloadbalancing:DescribeTags, elasticloadbalancing:DescribeTargetHealth
Amazon CloudWatch Logs logs:DescribeLogGroups
AWS Elemental MediaConnect mediaconnect:ListFlows
AWS Elemental MediaConvert mediaconvert:DescribeEndpoints
AWS Elemental MediaPackage Live mediapackage:ListChannels
AWS Elemental MediaPackage Video on Demand mediapackage-vod:ListPackagingConfigurations
AWS Elemental MediaTailor mediatailor:ListPlaybackConfigurations
Amazon VPC NAT Gateways ec2:DescribeNatGateways
Amazon Neptune rds:DescribeDBClusters
AWS OpsWorks opsworks:DescribeStacks
Amazon Polly
Amazon QLDB qldb:ListLedgers
Amazon RDS rds:DescribeDBInstances
Amazon RDS (built-in) rds:DescribeDBInstances, rds:DescribeEvents, rds:ListTagsForResource
Amazon Redshift redshift:DescribeClusters
Amazon Rekognition
AWS RoboMaker robomaker:ListSimulationJobs
Amazon Route 53 route53:ListHostedZones
Amazon Route 53 Resolver route53resolver:ListResolverEndpoints
Amazon S3 s3:ListAllMyBuckets
Amazon S3 (built-in) s3:ListAllMyBuckets
Amazon SageMaker Batch Transform Jobs
Amazon SageMaker Endpoint Instances sagemaker:ListEndpoints
Amazon SageMaker Endpoints sagemaker:ListEndpoints
Amazon SageMaker Ground Truth
Amazon SageMaker Processing Jobs
Amazon SageMaker Training Jobs
AWS Service Catalog
Amazon Simple Email Service (SES)
Amazon Simple Notification Service (SNS) sns:ListTopics
Amazon Simple Queue Service (SQS) sqs:ListQueues
AWS Systems Manager - Run Command
AWS Step Functions
AWS Storage Gateway storagegateway:ListGateways
Amazon SWF swf:ListDomains
Amazon Textract
AWS IoT Things Graph
AWS Transfer Family transfer:ListServers
AWS Transit Gateway ec2:DescribeTransitGateways
Amazon Translate
AWS Trusted Advisor
AWS API Usage
AWS Site-to-Site VPN ec2:DescribeVpnConnections
AWS WAF Classic
AWS WAF
Amazon WorkMail workmail:ListOrganizations
Amazon WorkSpaces workspaces:DescribeWorkspaces

Example of JSON policy for one single service.

JSON policy for Amazon API Gateway

{



"Version": "2012-10-17",



"Statement": [



{



"Sid": "VisualEditor0",



"Effect": "Allow",



"Action": [



"apigateway:GET",



"cloudwatch:GetMetricData",



"cloudwatch:GetMetricStatistics",



"cloudwatch:ListMetrics",



"sts:GetCallerIdentity",



"tag:GetResources",



"tag:GetTagKeys",



"ec2:DescribeAvailabilityZones"



],



"Resource": "*"



}



]



}

In this example, from the complete list of permissions you need to select

  • "apigateway:GET" for Amazon API Gateway
  • "cloudwatch:GetMetricData", "cloudwatch:GetMetricStatistics", "cloudwatch:ListMetrics", "sts:GetCallerIdentity", "tag:GetResources", "tag:GetTagKeys", and "ec2:DescribeAvailabilityZones" for All AWS cloud services.

AWS endpoints that need to be reachable from ActiveGate with corresponding AWS services

Endpoint Service
autoscaling.<REGION>.amazonaws.com Amazon EC2 Auto Scaling (built-in), Amazon EC2 Auto Scaling
lambda.<REGION>.amazonaws.com AWS Lambda (built-in), AWS Lambda
elasticloadbalancing.<REGION>.amazonaws.com Amazon Application and Network Load Balancer (built-in), Amazon Elastic Load Balancer (ELB) (built-in)
dynamodb.<REGION>.amazonaws.com Amazon DynamoDB (built-in), Amazon DynamoDB
ec2.<REGION>.amazonaws.com Amazon EBS (built-in), Amazon EC2 (built-in), Amazon EBS, Amazon EC2 Spot Fleet, Amazon VPC NAT Gateways, AWS Transit Gateway, AWS Site-to-Site VPN
rds.<REGION>.amazonaws.com Amazon RDS (built-in), Amazon Aurora, Amazon DocumentDB, Amazon Neptune, Amazon RDS
s3.<REGION>.amazonaws.com Amazon S3 (built-in)
acm-pca.<REGION>.amazonaws.com AWS Certificate Manager Private Certificate Authority
apigateway.<REGION>.amazonaws.com Amazon API Gateway
apprunner.<REGION>.amazonaws.com AWS App Runner
appstream2.<REGION>.amazonaws.com Amazon AppStream
appsync.<REGION>.amazonaws.com AWS AppSync
athena.<REGION>.amazonaws.com Amazon Athena
cloudfront.amazonaws.com Amazon CloudFront
cloudhsmv2.<REGION>.amazonaws.com AWS CloudHSM
cloudsearch.<REGION>.amazonaws.com Amazon CloudSearch
codebuild.<REGION>.amazonaws.com AWS CodeBuild
datasync.<REGION>.amazonaws.com AWS DataSync
dax.<REGION>.amazonaws.com Amazon DynamoDB Accelerator (DAX)
dms.<REGION>.amazonaws.com AWS Database Migration Service (AWS DMS)
directconnect.<REGION>.amazonaws.com AWS Direct Connect
ecs.<REGION>.amazonaws.com Amazon Elastic Container Service (ECS), Amazon ECS Container Insights
elasticfilesystem.<REGION>.amazonaws.com Amazon Elastic File System (EFS)
eks.<REGION>.amazonaws.com Amazon Elastic Kubernetes Service (EKS)
elasticache.<REGION>.amazonaws.com Amazon ElastiCache (EC)
elasticbeanstalk.<REGION>.amazonaws.com AWS Elastic Beanstalk
elastictranscoder.<REGION>.amazonaws.com Amazon Elastic Transcoder
es.<REGION>.amazonaws.com Amazon Elasticsearch Service (ES)
events.<REGION>.amazonaws.com Amazon EventBridge
fsx.<REGION>.amazonaws.com Amazon FSx
gamelift.<REGION>.amazonaws.com Amazon GameLift
glue.<REGION>.amazonaws.com AWS Glue
inspector.<REGION>.amazonaws.com Amazon Inspector
kafka.<REGION>.amazonaws.com Amazon Managed Streaming for Kafka
models.lex.<REGION>.amazonaws.com Amazon Lex
logs.<REGION>.amazonaws.com Amazon CloudWatch Logs
api.mediatailor.<REGION>.amazonaws.com AWS Elemental MediaTailor
mediaconnect.<REGION>.amazonaws.com AWS Elemental MediaConnect
mediapackage.<REGION>.amazonaws.com AWS Elemental MediaPackage Live
mediapackage-vod.<REGION>.amazonaws.com AWS Elemental MediaPackage Video on Demand
opsworks.<REGION>.amazonaws.com AWS OpsWorks
qldb.<REGION>.amazonaws.com Amazon QLDB
redshift.<REGION>.amazonaws.com Amazon Redshift
robomaker.<REGION>.amazonaws.com AWS RoboMaker
route53.amazonaws.com Amazon Route 53
route53resolver.<REGION>.amazonaws.com Amazon Route 53 Resolver
api.sagemaker.<REGION>.amazonaws.com Amazon SageMaker Endpoints, Amazon SageMaker Endpoint Instances
sns.<REGION>.amazonaws.com Amazon Simple Notification Service (SNS)
sqs.<REGION>.amazonaws.com Amazon Simple Queue Service (SQS)
storagegateway.<REGION>.amazonaws.com AWS Storage Gateway
swf.<REGION>.amazonaws.com Amazon SWF
transfer.<REGION>.amazonaws.com AWS Transfer Family
workmail.<REGION>.amazonaws.com Amazon WorkMail
workspaces.<REGION>.amazonaws.com Amazon WorkSpaces

Enable monitoring

To learn how to enable service monitoring, see Enable service monitoring.

View service metrics

You can view the service metrics in your Dynatrace environment either on the custom device overview page or on your Dashboards page.

View metrics on the custom device overview page

To access the custom device overview page

  1. Go to Technologies Technologies & Processes Classic.
  2. Filter by service name and select the relevant custom device group.
  3. Once you select the custom device group, you're on the custom device group overview page.
  4. The custom device group overview page lists all instances (custom devices) belonging to the group. Select an instance to view the custom device overview page.

View metrics on your dashboard

After you add the service to monitoring, a preset dashboard containing all recommended metrics is automatically listed on your Dashboards page. To look for specific dashboards, filter by Preset and then by Name.

AWS presets

For existing monitored services, you might need to resave your credentials for the preset dashboard to appear on the Dashboards page. To resave your credentials, go to Settings > Cloud and virtualization > AWS, select the desired AWS instance, and then select Save.

You can't make changes on a preset dashboard directly, but you can clone and edit it. To clone a dashboard, open the browse menu (…) and select Clone.

To remove a dashboard from the dashboards page, you can hide it. To hide a dashboard, open the browse menu (…) and select Hide.

Hiding a dashboard doesn't affect other users.

Clone hide AWS

To check the availability of preset dashboards for each AWS service, see the list below.

Preset dashboard availability list

AWS service Preset dashboard
Amazon EC2 Auto Scaling (built-in) Not applicable
AWS Lambda (built-in) Not applicable
Amazon Application and Network Load Balancer (built-in) Not applicable
Amazon DynamoDB (built-in) Not applicable
Amazon EBS (built-in) Not applicable
Amazon EC2 (built-in) Not applicable
Amazon Elastic Load Balancer (ELB) (built-in) Not applicable
Amazon RDS (built-in) Not applicable
Amazon S3 (built-in) Not applicable
AWS Certificate Manager Private Certificate Authority Not applicable
All monitored Amazon services Not applicable
Amazon API Gateway Not applicable
AWS App Runner Not applicable
Amazon AppStream Applicable
AWS AppSync Applicable
Amazon Athena Applicable
Amazon Aurora Not applicable
Amazon EC2 Auto Scaling Applicable
AWS Billing Applicable
Amazon Keyspaces Applicable
AWS Chatbot Applicable
Amazon CloudFront Not applicable
AWS CloudHSM Applicable
Amazon CloudSearch Applicable
AWS CodeBuild Applicable
Amazon Cognito Not applicable
Amazon Connect Applicable
AWS DataSync Applicable
Amazon DynamoDB Accelerator (DAX) Applicable
AWS Database Migration Service (AWS DMS) Applicable
Amazon DocumentDB Applicable
AWS Direct Connect Applicable
Amazon DynamoDB Not applicable
Amazon EBS Not applicable
Amazon EC2 Spot Fleet Not applicable
Amazon EC2 API Applicable
Amazon Elastic Container Service (ECS) Not applicable
Amazon ECS Container Insights Applicable
Amazon Elastic File System (EFS) Not applicable
Amazon Elastic Kubernetes Service (EKS) Applicable
Amazon ElastiCache (EC) Not applicable
AWS Elastic Beanstalk Applicable
Amazon Elastic Inference Applicable
Amazon Elastic Transcoder Applicable
Amazon Elastic Map Reduce (EMR) Not applicable
Amazon Elasticsearch Service (ES) Not applicable
Amazon EventBridge Applicable
Amazon FSx Applicable
Amazon GameLift Applicable
AWS Glue Not applicable
Amazon Inspector Applicable
AWS Internet of Things (IoT) Not applicable
AWS IoT Things Graph Applicable
AWS IoT Analytics Applicable
Amazon Managed Streaming for Kafka Applicable
Amazon Kinesis Data Analytics Not applicable
Amazon Data Firehose Not applicable
Amazon Kinesis Data Streams Not applicable
Amazon Kinesis Video Streams Not applicable
AWS Lambda Not applicable
Amazon Lex Applicable
Amazon CloudWatch Logs Applicable
AWS Elemental MediaTailor Applicable
AWS Elemental MediaConnect Applicable
AWS Elemental MediaConvert Applicable
AWS Elemental MediaPackage Live Applicable
AWS Elemental MediaPackage Video on Demand Applicable
Amazon MQ Applicable
Amazon VPC NAT Gateways Not applicable
Amazon Neptune Applicable
AWS OpsWorks Applicable
Amazon Polly Applicable
Amazon QLDB Applicable
Amazon RDS Not applicable
Amazon Redshift Not applicable
Amazon Rekognition Applicable
AWS RoboMaker Applicable
Amazon Route 53 Applicable
Amazon Route 53 Resolver Applicable
Amazon S3 Not applicable
Amazon SageMaker Batch Transform Jobs Not applicable
Amazon SageMaker Endpoints Not applicable
Amazon SageMaker Endpoint Instances Not applicable
Amazon SageMaker Ground Truth Not applicable
Amazon SageMaker Processing Jobs Not applicable
Amazon SageMaker Training Jobs Not applicable
AWS Service Catalog Applicable
Amazon Simple Email Service (SES) Not applicable
Amazon Simple Notification Service (SNS) Not applicable
Amazon Simple Queue Service (SQS) Not applicable
AWS Systems Manager - Run Command Applicable
AWS Step Functions Applicable
AWS Storage Gateway Applicable
Amazon SWF Applicable
Amazon Textract Applicable
AWS Transfer Family Applicable
AWS Transit Gateway Applicable
Amazon Translate Applicable
AWS Trusted Advisor Applicable
AWS API Usage Applicable
AWS Site-to-Site VPN Applicable
AWS WAF Classic Applicable
AWS WAF Applicable
Amazon WorkMail Applicable
Amazon WorkSpaces Applicable

Gateway

Available metrics

GatewayName is the main dimension.

Name Description Unit Statistics Dimensions Recommended
CacheFree The total number of bytes available in the gateway's cache storage Bytes Sum GatewayName, GatewayId Applicable
CacheHitPercent Percentage of application reads served from the cache Percent Multi Region, ShareId Applicable
CacheHitPercent Percent Multi Region, VolumeId Applicable
CacheHitPercent Percent Multi GatewayName, GatewayId Applicable
CachePercentDirty Percentage of the cache that is dirty—that is, it contains content that has not been uploaded to AWS Percent Multi Region, ShareId Applicable
CachePercentDirty Percent Multi Region, VolumeId Applicable
CachePercentDirty Percent Multi GatewayName, GatewayId Applicable
CachePercentUsed Percentage of the gateway's cache storage being used Percent Multi Region, ShareId Applicable
CachePercentUsed Percent Multi Region, VolumeId Applicable
CachePercentUsed Percent Multi GatewayName, GatewayId Applicable
CacheUsed The total number of bytes being used in the gateway's cache storage Bytes Sum GatewayName, GatewayId Applicable
CloudBytesDownloaded The total number of bytes that the gateway sent to the cloud during the reporting period. This metric includes the activity of all the volumes on the gateway. Bytes Sum Region, ShareId Applicable
CloudBytesDownloaded Bytes Count Region, ShareId
CloudBytesDownloaded Bytes Sum GatewayName, GatewayId Applicable
CloudBytesDownloaded Bytes Count GatewayName, GatewayId
CloudBytesUploaded The total number of bytes that the gateway sent to the cloud during the reporting period Bytes Sum Region, ShareId Applicable
CloudBytesUploaded Bytes Count Region, ShareId
CloudBytesUploaded Bytes Sum GatewayName, GatewayId
CloudBytesUploaded Bytes Count GatewayName, GatewayId
CloudDownloadLatency The latency in downloading the data from the cloud to the gateway Milliseconds Multi GatewayName, GatewayId
IndexFetches The number of files for which metadata was fetched Count Sum Region, ShareId Applicable
IndexFetches Count Sum GatewayName, GatewayId Applicable
IoWaitPercent Percentage of time that the gateway is waiting on a response from the local disk Percent Multi GatewayName Applicable
MemTotalBytes Amount of RAM provisioned to the gateway VM, in bytes Bytes Sum GatewayName Applicable
MemUsedBytes Amount of RAM currently in use by the gateway VM, in bytes Bytes Sum GatewayName Applicable
NfsSessions The number of NFS session that are active on the gateway Count Sum GatewayName Applicable
QueuedWrites The number of bytes waiting to be written to AWS, sampled at the end of the reporting period for all volumes in the gateway Bytes Sum Region, VolumeId Applicable
QueuedWrites Bytes Sum GatewayName, GatewayId Applicable
ReadBytes The total number of bytes read from your on-premises applications in the reporting period for all volumes in the gateway Bytes Sum Region, VolumeId Applicable
ReadBytes Bytes Count Region, VolumeId
ReadBytes Bytes Sum GatewayName, GatewayId Applicable
ReadBytes Bytes Count GatewayName, GatewayId
ReadTime The total number of milliseconds spent on read operations from your on-premises applications in the reporting period for all volumes in the gateway Milliseconds Multi Region, VolumeId Applicable
ReadTime Milliseconds Multi GatewayNam, GatewayIde Applicable
SmbV1Sessions The number of Server Message Block (SMB) version 1 sessions that are active on the gateway Count Sum GatewayName
SmbV2Sessions The number of SMB version 2 sessions that are active on the gateway Count Sum GatewayName
SmbV3Sessions The number of SMB version 3 sessions that are active on the gateway Count Sum GatewayName
TimeSinceLastRecoveryPoint The time since the last available recovery point Seconds Multi Region, VolumeId Applicable
TimeSinceLastRecoveryPoint Seconds Multi GatewayName, GatewayId
TotalCacheSize The total size of the cache in bytes Bytes Sum GatewayName, GatewayId Applicable
UploadBufferFree Bytes Sum GatewayName, GatewayId Applicable
UploadBufferPercentUsed Percentage of the gateway's upload buffer used Percent Multi GatewayName, GatewayId Applicable
UploadBufferUsed The total number of bytes being used in the gateway's upload buffer Bytes Sum GatewayName, GatewayId Applicable
UserCpuPercent Percentage of CPU time spent on gateway processing, averaged across all cores Percent Multi GatewayName
WorkingStorageFree The total amount of unused space in the gateway's working storage Bytes Sum GatewayName, GatewayId Applicable
WorkingStoragePercentUsed Percentage of the gateway's upload buffer used Percent Multi GatewayName, GatewayId Applicable
WorkingStorageUsed The total number of bytes being used in the gateway's upload buffer Bytes Sum GatewayName, GatewayId Applicable
WriteBytes The total number of bytes written to your on-premises applications in the reporting period for all volumes in the gateway Bytes Sum Region, VolumeId Applicable
WriteBytes Bytes Count Region, VolumeId
WriteBytes Bytes Sum GatewayName, GatewayId Applicable
WriteBytes Bytes Count GatewayName, GatewayId
WriteTime The total number of milliseconds spent on write operations from your on-premises applications in the reporting period for all volumes in the gateway Milliseconds Multi Region, VolumeId Applicable
WriteTime Milliseconds Multi GatewayName, GatewayId Applicable

Source: aws-service-systems-manager-run-command.md


title: AWS Systems Manager Run Command monitoring source: https://www.dynatrace.com/docs/ingest-from/amazon-web-services/integrate-with-aws/aws-all-services/aws-service-systems-manager-run-command scraped: 2026-02-17T05:10:37.945827


AWS Systems Manager Run Command monitoring

AWS Systems Manager Run Command monitoring

  • How-to guide
  • 1-min read
  • Published Sep 08, 2020

Dynatrace ingests metrics for multiple preselected namespaces, including AWS Systems Manager Run Command. You can view metrics for each service instance, split metrics into multiple dimensions, and create custom charts that you can pin to your dashboards.

Prerequisites

To enable monitoring for this service, you need

  • ActiveGate version 1.197+

  • For Dynatrace SaaS deployments, you need an Environment ActiveGate or a Multi-environment ActiveGate.

For role-based access in a SaaS deployment, you need an Environment ActiveGate installed on an Amazon EC2 host.

To update the AWS IAM policy, use the JSON below, containing the monitoring policy (permissions) for all supporting services.

JSON predefined policy for all supporting services

{



"Version": "2012-10-17",



"Statement": [



{



"Sid": "VisualEditor0",



"Effect": "Allow",



"Action": [



"acm-pca:ListCertificateAuthorities",



"apigateway:GET",



"apprunner:ListServices",



"appstream:DescribeFleets",



"appsync:ListGraphqlApis",



"athena:ListWorkGroups",



"autoscaling:DescribeAutoScalingGroups",



"cloudformation:ListStackResources",



"cloudfront:ListDistributions",



"cloudhsm:DescribeClusters",



"cloudsearch:DescribeDomains",



"cloudwatch:GetMetricData",



"cloudwatch:GetMetricStatistics",



"cloudwatch:ListMetrics",



"codebuild:ListProjects",



"datasync:ListTasks",



"dax:DescribeClusters",



"directconnect:DescribeConnections",



"dms:DescribeReplicationInstances",



"dynamodb:ListTables",



"dynamodb:ListTagsOfResource",



"ec2:DescribeAvailabilityZones",



"ec2:DescribeInstances",



"ec2:DescribeNatGateways",



"ec2:DescribeSpotFleetRequests",



"ec2:DescribeTransitGateways",



"ec2:DescribeVolumes",



"ec2:DescribeVpnConnections",



"ecs:ListClusters",



"eks:ListClusters",



"elasticache:DescribeCacheClusters",



"elasticbeanstalk:DescribeEnvironmentResources",



"elasticbeanstalk:DescribeEnvironments",



"elasticfilesystem:DescribeFileSystems",



"elasticloadbalancing:DescribeInstanceHealth",



"elasticloadbalancing:DescribeListeners",



"elasticloadbalancing:DescribeLoadBalancers",



"elasticloadbalancing:DescribeRules",



"elasticloadbalancing:DescribeTags",



"elasticloadbalancing:DescribeTargetHealth",



"elasticmapreduce:ListClusters",



"elastictranscoder:ListPipelines",



"es:ListDomainNames",



"events:ListEventBuses",



"firehose:ListDeliveryStreams",



"fsx:DescribeFileSystems",



"gamelift:ListFleets",



"glue:GetJobs",



"inspector:ListAssessmentTemplates",



"kafka:ListClusters",



"kinesis:ListStreams",



"kinesisanalytics:ListApplications",



"kinesisvideo:ListStreams",



"lambda:ListFunctions",



"lambda:ListTags",



"lex:GetBots",



"logs:DescribeLogGroups",



"mediaconnect:ListFlows",



"mediaconvert:DescribeEndpoints",



"mediapackage-vod:ListPackagingConfigurations",



"mediapackage:ListChannels",



"mediatailor:ListPlaybackConfigurations",



"opsworks:DescribeStacks",



"qldb:ListLedgers",



"rds:DescribeDBClusters",



"rds:DescribeDBInstances",



"rds:DescribeEvents",



"rds:ListTagsForResource",



"redshift:DescribeClusters",



"robomaker:ListSimulationJobs",



"route53:ListHostedZones",



"route53resolver:ListResolverEndpoints",



"s3:ListAllMyBuckets",



"sagemaker:ListEndpoints",



"sns:ListTopics",



"sqs:ListQueues",



"storagegateway:ListGateways",



"sts:GetCallerIdentity",



"swf:ListDomains",



"tag:GetResources",



"tag:GetTagKeys",



"transfer:ListServers",



"workmail:ListOrganizations",



"workspaces:DescribeWorkspaces"



],



"Resource": "*"



}



]



}

If you don't want to add permissions to all services, and just select permissions for certain services, consult the table below. The table contains a set of permissions that are required for All AWS cloud services and, for each supporting service, a list of optional permissions specific to that service.

Permissions required for AWS monitoring integration:

  • "cloudwatch:GetMetricData"
  • "cloudwatch:GetMetricStatistics"
  • "cloudwatch:ListMetrics"
  • "sts:GetCallerIdentity"
  • "tag:GetResources"
  • "tag:GetTagKeys"
  • "ec2:DescribeAvailabilityZones"

Complete list of permissions for cloud services

Name Permissions
All monitored Amazon services Required cloudwatch:GetMetricData, cloudwatch:GetMetricStatistics, cloudwatch:ListMetrics, sts:GetCallerIdentity, tag:GetResources, tag:GetTagKeys, ec2:DescribeAvailabilityZones
AWS Certificate Manager Private Certificate Authority acm-pca:ListCertificateAuthorities
Amazon MQ
Amazon API Gateway apigateway:GET
AWS App Runner apprunner:ListServices
Amazon AppStream appstream:DescribeFleets
AWS AppSync appsync:ListGraphqlApis
Amazon Athena athena:ListWorkGroups
Amazon Aurora rds:DescribeDBClusters
Amazon EC2 Auto Scaling autoscaling:DescribeAutoScalingGroups
Amazon EC2 Auto Scaling (built-in) autoscaling:DescribeAutoScalingGroups
AWS Billing
Amazon Keyspaces
AWS Chatbot
Amazon CloudFront cloudfront:ListDistributions
AWS CloudHSM cloudhsm:DescribeClusters
Amazon CloudSearch cloudsearch:DescribeDomains
AWS CodeBuild codebuild:ListProjects
Amazon Cognito
Amazon Connect
Amazon Elastic Kubernetes Service (EKS) eks:ListClusters
AWS DataSync datasync:ListTasks
Amazon DynamoDB Accelerator (DAX) dax:DescribeClusters
AWS Database Migration Service (AWS DMS) dms:DescribeReplicationInstances
Amazon DocumentDB rds:DescribeDBClusters
AWS Direct Connect directconnect:DescribeConnections
Amazon DynamoDB dynamodb:ListTables
Amazon DynamoDB (built-in) dynamodb:ListTables, dynamodb:ListTagsOfResource
Amazon EBS ec2:DescribeVolumes
Amazon EBS (built-in) ec2:DescribeVolumes
Amazon EC2 API
Amazon EC2 (built-in) ec2:DescribeInstances
Amazon EC2 Spot Fleet ec2:DescribeSpotFleetRequests
Amazon Elastic Container Service (ECS) ecs:ListClusters
Amazon ECS Container Insights ecs:ListClusters
Amazon ElastiCache (EC) elasticache:DescribeCacheClusters
AWS Elastic Beanstalk elasticbeanstalk:DescribeEnvironments
Amazon Elastic File System (EFS) elasticfilesystem:DescribeFileSystems
Amazon Elastic Inference
Amazon Elastic Map Reduce (EMR) elasticmapreduce:ListClusters
Amazon Elasticsearch Service (ES) es:ListDomainNames
Amazon Elastic Transcoder elastictranscoder:ListPipelines
Amazon Elastic Load Balancer (ELB) (built-in) elasticloadbalancing:DescribeInstanceHealth, elasticloadbalancing:DescribeListeners, elasticloadbalancing:DescribeLoadBalancers, elasticloadbalancing:DescribeRules, elasticloadbalancing:DescribeTags, elasticloadbalancing:DescribeTargetHealth
Amazon EventBridge events:ListEventBuses
Amazon FSx fsx:DescribeFileSystems
Amazon GameLift gamelift:ListFleets
AWS Glue glue:GetJobs
Amazon Inspector inspector:ListAssessmentTemplates
AWS Internet of Things (IoT)
AWS IoT Analytics
Amazon Managed Streaming for Kafka kafka:ListClusters
Amazon Kinesis Data Analytics kinesisanalytics:ListApplications
Amazon Data Firehose firehose:ListDeliveryStreams
Amazon Kinesis Data Streams kinesis:ListStreams
Amazon Kinesis Video Streams kinesisvideo:ListStreams
AWS Lambda lambda:ListFunctions
AWS Lambda (built-in) lambda:ListFunctions, lambda:ListTags
Amazon Lex lex:GetBots
Amazon Application and Network Load Balancer (built-in) elasticloadbalancing:DescribeInstanceHealth, elasticloadbalancing:DescribeListeners, elasticloadbalancing:DescribeLoadBalancers, elasticloadbalancing:DescribeRules, elasticloadbalancing:DescribeTags, elasticloadbalancing:DescribeTargetHealth
Amazon CloudWatch Logs logs:DescribeLogGroups
AWS Elemental MediaConnect mediaconnect:ListFlows
AWS Elemental MediaConvert mediaconvert:DescribeEndpoints
AWS Elemental MediaPackage Live mediapackage:ListChannels
AWS Elemental MediaPackage Video on Demand mediapackage-vod:ListPackagingConfigurations
AWS Elemental MediaTailor mediatailor:ListPlaybackConfigurations
Amazon VPC NAT Gateways ec2:DescribeNatGateways
Amazon Neptune rds:DescribeDBClusters
AWS OpsWorks opsworks:DescribeStacks
Amazon Polly
Amazon QLDB qldb:ListLedgers
Amazon RDS rds:DescribeDBInstances
Amazon RDS (built-in) rds:DescribeDBInstances, rds:DescribeEvents, rds:ListTagsForResource
Amazon Redshift redshift:DescribeClusters
Amazon Rekognition
AWS RoboMaker robomaker:ListSimulationJobs
Amazon Route 53 route53:ListHostedZones
Amazon Route 53 Resolver route53resolver:ListResolverEndpoints
Amazon S3 s3:ListAllMyBuckets
Amazon S3 (built-in) s3:ListAllMyBuckets
Amazon SageMaker Batch Transform Jobs
Amazon SageMaker Endpoint Instances sagemaker:ListEndpoints
Amazon SageMaker Endpoints sagemaker:ListEndpoints
Amazon SageMaker Ground Truth
Amazon SageMaker Processing Jobs
Amazon SageMaker Training Jobs
AWS Service Catalog
Amazon Simple Email Service (SES)
Amazon Simple Notification Service (SNS) sns:ListTopics
Amazon Simple Queue Service (SQS) sqs:ListQueues
AWS Systems Manager - Run Command
AWS Step Functions
AWS Storage Gateway storagegateway:ListGateways
Amazon SWF swf:ListDomains
Amazon Textract
AWS IoT Things Graph
AWS Transfer Family transfer:ListServers
AWS Transit Gateway ec2:DescribeTransitGateways
Amazon Translate
AWS Trusted Advisor
AWS API Usage
AWS Site-to-Site VPN ec2:DescribeVpnConnections
AWS WAF Classic
AWS WAF
Amazon WorkMail workmail:ListOrganizations
Amazon WorkSpaces workspaces:DescribeWorkspaces

Example of JSON policy for one single service.

JSON policy for Amazon API Gateway

{



"Version": "2012-10-17",



"Statement": [



{



"Sid": "VisualEditor0",



"Effect": "Allow",



"Action": [



"apigateway:GET",



"cloudwatch:GetMetricData",



"cloudwatch:GetMetricStatistics",



"cloudwatch:ListMetrics",



"sts:GetCallerIdentity",



"tag:GetResources",



"tag:GetTagKeys",



"ec2:DescribeAvailabilityZones"



],



"Resource": "*"



}



]



}

In this example, from the complete list of permissions you need to select

  • "apigateway:GET" for Amazon API Gateway
  • "cloudwatch:GetMetricData", "cloudwatch:GetMetricStatistics", "cloudwatch:ListMetrics", "sts:GetCallerIdentity", "tag:GetResources", "tag:GetTagKeys", and "ec2:DescribeAvailabilityZones" for All AWS cloud services.

Enable monitoring

To learn how to enable service monitoring, see Enable service monitoring.

View service metrics

You can view the service metrics in your Dynatrace environment either on the custom device overview page or on your Dashboards page.

View metrics on the custom device overview page

To access the custom device overview page

  1. Go to Technologies Technologies & Processes Classic.
  2. Filter by service name and select the relevant custom device group.
  3. Once you select the custom device group, you're on the custom device group overview page.
  4. The custom device group overview page lists all instances (custom devices) belonging to the group. Select an instance to view the custom device overview page.

View metrics on your dashboard

After you add the service to monitoring, a preset dashboard containing all recommended metrics is automatically listed on your Dashboards page. To look for specific dashboards, filter by Preset and then by Name.

AWS presets

For existing monitored services, you might need to resave your credentials for the preset dashboard to appear on the Dashboards page. To resave your credentials, go to Settings > Cloud and virtualization > AWS, select the desired AWS instance, and then select Save.

You can't make changes on a preset dashboard directly, but you can clone and edit it. To clone a dashboard, open the browse menu (…) and select Clone.

To remove a dashboard from the dashboards page, you can hide it. To hide a dashboard, open the browse menu (…) and select Hide.

Hiding a dashboard doesn't affect other users.

Clone hide AWS

To check the availability of preset dashboards for each AWS service, see the list below.

Preset dashboard availability list

AWS service Preset dashboard
Amazon EC2 Auto Scaling (built-in) Not applicable
AWS Lambda (built-in) Not applicable
Amazon Application and Network Load Balancer (built-in) Not applicable
Amazon DynamoDB (built-in) Not applicable
Amazon EBS (built-in) Not applicable
Amazon EC2 (built-in) Not applicable
Amazon Elastic Load Balancer (ELB) (built-in) Not applicable
Amazon RDS (built-in) Not applicable
Amazon S3 (built-in) Not applicable
AWS Certificate Manager Private Certificate Authority Not applicable
All monitored Amazon services Not applicable
Amazon API Gateway Not applicable
AWS App Runner Not applicable
Amazon AppStream Applicable
AWS AppSync Applicable
Amazon Athena Applicable
Amazon Aurora Not applicable
Amazon EC2 Auto Scaling Applicable
AWS Billing Applicable
Amazon Keyspaces Applicable
AWS Chatbot Applicable
Amazon CloudFront Not applicable
AWS CloudHSM Applicable
Amazon CloudSearch Applicable
AWS CodeBuild Applicable
Amazon Cognito Not applicable
Amazon Connect Applicable
AWS DataSync Applicable
Amazon DynamoDB Accelerator (DAX) Applicable
AWS Database Migration Service (AWS DMS) Applicable
Amazon DocumentDB Applicable
AWS Direct Connect Applicable
Amazon DynamoDB Not applicable
Amazon EBS Not applicable
Amazon EC2 Spot Fleet Not applicable
Amazon EC2 API Applicable
Amazon Elastic Container Service (ECS) Not applicable
Amazon ECS Container Insights Applicable
Amazon Elastic File System (EFS) Not applicable
Amazon Elastic Kubernetes Service (EKS) Applicable
Amazon ElastiCache (EC) Not applicable
AWS Elastic Beanstalk Applicable
Amazon Elastic Inference Applicable
Amazon Elastic Transcoder Applicable
Amazon Elastic Map Reduce (EMR) Not applicable
Amazon Elasticsearch Service (ES) Not applicable
Amazon EventBridge Applicable
Amazon FSx Applicable
Amazon GameLift Applicable
AWS Glue Not applicable
Amazon Inspector Applicable
AWS Internet of Things (IoT) Not applicable
AWS IoT Things Graph Applicable
AWS IoT Analytics Applicable
Amazon Managed Streaming for Kafka Applicable
Amazon Kinesis Data Analytics Not applicable
Amazon Data Firehose Not applicable
Amazon Kinesis Data Streams Not applicable
Amazon Kinesis Video Streams Not applicable
AWS Lambda Not applicable
Amazon Lex Applicable
Amazon CloudWatch Logs Applicable
AWS Elemental MediaTailor Applicable
AWS Elemental MediaConnect Applicable
AWS Elemental MediaConvert Applicable
AWS Elemental MediaPackage Live Applicable
AWS Elemental MediaPackage Video on Demand Applicable
Amazon MQ Applicable
Amazon VPC NAT Gateways Not applicable
Amazon Neptune Applicable
AWS OpsWorks Applicable
Amazon Polly Applicable
Amazon QLDB Applicable
Amazon RDS Not applicable
Amazon Redshift Not applicable
Amazon Rekognition Applicable
AWS RoboMaker Applicable
Amazon Route 53 Applicable
Amazon Route 53 Resolver Applicable
Amazon S3 Not applicable
Amazon SageMaker Batch Transform Jobs Not applicable
Amazon SageMaker Endpoints Not applicable
Amazon SageMaker Endpoint Instances Not applicable
Amazon SageMaker Ground Truth Not applicable
Amazon SageMaker Processing Jobs Not applicable
Amazon SageMaker Training Jobs Not applicable
AWS Service Catalog Applicable
Amazon Simple Email Service (SES) Not applicable
Amazon Simple Notification Service (SNS) Not applicable
Amazon Simple Queue Service (SQS) Not applicable
AWS Systems Manager - Run Command Applicable
AWS Step Functions Applicable
AWS Storage Gateway Applicable
Amazon SWF Applicable
Amazon Textract Applicable
AWS Transfer Family Applicable
AWS Transit Gateway Applicable
Amazon Translate Applicable
AWS Trusted Advisor Applicable
AWS API Usage Applicable
AWS Site-to-Site VPN Applicable
AWS WAF Classic Applicable
AWS WAF Applicable
Amazon WorkMail Applicable
Amazon WorkSpaces Applicable

Sys man

Available metrics

Name Description Unit Statistics Dimensions Recommended
CommandsDeliveryTimedOut The number of commands that have a terminal status of Delivery Timed Out Count Sum Region Applicable
CommandsFailed The number of commands that have a terminal status of Failed Count Sum Region Applicable
CommandsSucceeded The number of commands that have a terminal status of Success Count Sum Region Applicable

Source: aws-service-transfer-family.md


title: AWS Transfer Family monitoring source: https://www.dynatrace.com/docs/ingest-from/amazon-web-services/integrate-with-aws/aws-all-services/aws-service-transfer-family scraped: 2026-02-16T09:32:37.741553


AWS Transfer Family monitoring

AWS Transfer Family monitoring

  • How-to guide
  • 1-min read
  • Published Jul 06, 2020

Dynatrace ingests metrics for multiple preselected namespaces, including AWS Transfer Family. You can view metrics for each service instance, split metrics into multiple dimensions, and create custom charts that you can pin to your dashboards.

Prerequisites

To enable monitoring for this service, you need

  • ActiveGate version 1.197+

  • For Dynatrace SaaS deployments, you need an Environment ActiveGate or a Multi-environment ActiveGate.

For role-based access in SaaS deployment, you need an Environment ActiveGate installed on an Amazon EC2 host.

To update the AWS IAM policy, use the JSON below, containing the monitoring policy (permissions) for all supporting services.

JSON predefined policy for all supporting services

{



"Version": "2012-10-17",



"Statement": [



{



"Sid": "VisualEditor0",



"Effect": "Allow",



"Action": [



"acm-pca:ListCertificateAuthorities",



"apigateway:GET",



"apprunner:ListServices",



"appstream:DescribeFleets",



"appsync:ListGraphqlApis",



"athena:ListWorkGroups",



"autoscaling:DescribeAutoScalingGroups",



"cloudformation:ListStackResources",



"cloudfront:ListDistributions",



"cloudhsm:DescribeClusters",



"cloudsearch:DescribeDomains",



"cloudwatch:GetMetricData",



"cloudwatch:GetMetricStatistics",



"cloudwatch:ListMetrics",



"codebuild:ListProjects",



"datasync:ListTasks",



"dax:DescribeClusters",



"directconnect:DescribeConnections",



"dms:DescribeReplicationInstances",



"dynamodb:ListTables",



"dynamodb:ListTagsOfResource",



"ec2:DescribeAvailabilityZones",



"ec2:DescribeInstances",



"ec2:DescribeNatGateways",



"ec2:DescribeSpotFleetRequests",



"ec2:DescribeTransitGateways",



"ec2:DescribeVolumes",



"ec2:DescribeVpnConnections",



"ecs:ListClusters",



"eks:ListClusters",



"elasticache:DescribeCacheClusters",



"elasticbeanstalk:DescribeEnvironmentResources",



"elasticbeanstalk:DescribeEnvironments",



"elasticfilesystem:DescribeFileSystems",



"elasticloadbalancing:DescribeInstanceHealth",



"elasticloadbalancing:DescribeListeners",



"elasticloadbalancing:DescribeLoadBalancers",



"elasticloadbalancing:DescribeRules",



"elasticloadbalancing:DescribeTags",



"elasticloadbalancing:DescribeTargetHealth",



"elasticmapreduce:ListClusters",



"elastictranscoder:ListPipelines",



"es:ListDomainNames",



"events:ListEventBuses",



"firehose:ListDeliveryStreams",



"fsx:DescribeFileSystems",



"gamelift:ListFleets",



"glue:GetJobs",



"inspector:ListAssessmentTemplates",



"kafka:ListClusters",



"kinesis:ListStreams",



"kinesisanalytics:ListApplications",



"kinesisvideo:ListStreams",



"lambda:ListFunctions",



"lambda:ListTags",



"lex:GetBots",



"logs:DescribeLogGroups",



"mediaconnect:ListFlows",



"mediaconvert:DescribeEndpoints",



"mediapackage-vod:ListPackagingConfigurations",



"mediapackage:ListChannels",



"mediatailor:ListPlaybackConfigurations",



"opsworks:DescribeStacks",



"qldb:ListLedgers",



"rds:DescribeDBClusters",



"rds:DescribeDBInstances",



"rds:DescribeEvents",



"rds:ListTagsForResource",



"redshift:DescribeClusters",



"robomaker:ListSimulationJobs",



"route53:ListHostedZones",



"route53resolver:ListResolverEndpoints",



"s3:ListAllMyBuckets",



"sagemaker:ListEndpoints",



"sns:ListTopics",



"sqs:ListQueues",



"storagegateway:ListGateways",



"sts:GetCallerIdentity",



"swf:ListDomains",



"tag:GetResources",



"tag:GetTagKeys",



"transfer:ListServers",



"workmail:ListOrganizations",



"workspaces:DescribeWorkspaces"



],



"Resource": "*"



}



]



}

If you don't want to add permissions to all services, and just select permissions for certain services, consult the table below. The table contains a set of permissions that are required for All AWS cloud services and, for each supporting service, a list of optional permissions specific to that service.

Permissions required for AWS monitoring integration:

  • "cloudwatch:GetMetricData"
  • "cloudwatch:GetMetricStatistics"
  • "cloudwatch:ListMetrics"
  • "sts:GetCallerIdentity"
  • "tag:GetResources"
  • "tag:GetTagKeys"
  • "ec2:DescribeAvailabilityZones"

Complete list of permissions for cloud services

Name Permissions
All monitored Amazon services Required cloudwatch:GetMetricData, cloudwatch:GetMetricStatistics, cloudwatch:ListMetrics, sts:GetCallerIdentity, tag:GetResources, tag:GetTagKeys, ec2:DescribeAvailabilityZones
AWS Certificate Manager Private Certificate Authority acm-pca:ListCertificateAuthorities
Amazon MQ
Amazon API Gateway apigateway:GET
AWS App Runner apprunner:ListServices
Amazon AppStream appstream:DescribeFleets
AWS AppSync appsync:ListGraphqlApis
Amazon Athena athena:ListWorkGroups
Amazon Aurora rds:DescribeDBClusters
Amazon EC2 Auto Scaling autoscaling:DescribeAutoScalingGroups
Amazon EC2 Auto Scaling (built-in) autoscaling:DescribeAutoScalingGroups
AWS Billing
Amazon Keyspaces
AWS Chatbot
Amazon CloudFront cloudfront:ListDistributions
AWS CloudHSM cloudhsm:DescribeClusters
Amazon CloudSearch cloudsearch:DescribeDomains
AWS CodeBuild codebuild:ListProjects
Amazon Cognito
Amazon Connect
Amazon Elastic Kubernetes Service (EKS) eks:ListClusters
AWS DataSync datasync:ListTasks
Amazon DynamoDB Accelerator (DAX) dax:DescribeClusters
AWS Database Migration Service (AWS DMS) dms:DescribeReplicationInstances
Amazon DocumentDB rds:DescribeDBClusters
AWS Direct Connect directconnect:DescribeConnections
Amazon DynamoDB dynamodb:ListTables
Amazon DynamoDB (built-in) dynamodb:ListTables, dynamodb:ListTagsOfResource
Amazon EBS ec2:DescribeVolumes
Amazon EBS (built-in) ec2:DescribeVolumes
Amazon EC2 API
Amazon EC2 (built-in) ec2:DescribeInstances
Amazon EC2 Spot Fleet ec2:DescribeSpotFleetRequests
Amazon Elastic Container Service (ECS) ecs:ListClusters
Amazon ECS Container Insights ecs:ListClusters
Amazon ElastiCache (EC) elasticache:DescribeCacheClusters
AWS Elastic Beanstalk elasticbeanstalk:DescribeEnvironments
Amazon Elastic File System (EFS) elasticfilesystem:DescribeFileSystems
Amazon Elastic Inference
Amazon Elastic Map Reduce (EMR) elasticmapreduce:ListClusters
Amazon Elasticsearch Service (ES) es:ListDomainNames
Amazon Elastic Transcoder elastictranscoder:ListPipelines
Amazon Elastic Load Balancer (ELB) (built-in) elasticloadbalancing:DescribeInstanceHealth, elasticloadbalancing:DescribeListeners, elasticloadbalancing:DescribeLoadBalancers, elasticloadbalancing:DescribeRules, elasticloadbalancing:DescribeTags, elasticloadbalancing:DescribeTargetHealth
Amazon EventBridge events:ListEventBuses
Amazon FSx fsx:DescribeFileSystems
Amazon GameLift gamelift:ListFleets
AWS Glue glue:GetJobs
Amazon Inspector inspector:ListAssessmentTemplates
AWS Internet of Things (IoT)
AWS IoT Analytics
Amazon Managed Streaming for Kafka kafka:ListClusters
Amazon Kinesis Data Analytics kinesisanalytics:ListApplications
Amazon Data Firehose firehose:ListDeliveryStreams
Amazon Kinesis Data Streams kinesis:ListStreams
Amazon Kinesis Video Streams kinesisvideo:ListStreams
AWS Lambda lambda:ListFunctions
AWS Lambda (built-in) lambda:ListFunctions, lambda:ListTags
Amazon Lex lex:GetBots
Amazon Application and Network Load Balancer (built-in) elasticloadbalancing:DescribeInstanceHealth, elasticloadbalancing:DescribeListeners, elasticloadbalancing:DescribeLoadBalancers, elasticloadbalancing:DescribeRules, elasticloadbalancing:DescribeTags, elasticloadbalancing:DescribeTargetHealth
Amazon CloudWatch Logs logs:DescribeLogGroups
AWS Elemental MediaConnect mediaconnect:ListFlows
AWS Elemental MediaConvert mediaconvert:DescribeEndpoints
AWS Elemental MediaPackage Live mediapackage:ListChannels
AWS Elemental MediaPackage Video on Demand mediapackage-vod:ListPackagingConfigurations
AWS Elemental MediaTailor mediatailor:ListPlaybackConfigurations
Amazon VPC NAT Gateways ec2:DescribeNatGateways
Amazon Neptune rds:DescribeDBClusters
AWS OpsWorks opsworks:DescribeStacks
Amazon Polly
Amazon QLDB qldb:ListLedgers
Amazon RDS rds:DescribeDBInstances
Amazon RDS (built-in) rds:DescribeDBInstances, rds:DescribeEvents, rds:ListTagsForResource
Amazon Redshift redshift:DescribeClusters
Amazon Rekognition
AWS RoboMaker robomaker:ListSimulationJobs
Amazon Route 53 route53:ListHostedZones
Amazon Route 53 Resolver route53resolver:ListResolverEndpoints
Amazon S3 s3:ListAllMyBuckets
Amazon S3 (built-in) s3:ListAllMyBuckets
Amazon SageMaker Batch Transform Jobs
Amazon SageMaker Endpoint Instances sagemaker:ListEndpoints
Amazon SageMaker Endpoints sagemaker:ListEndpoints
Amazon SageMaker Ground Truth
Amazon SageMaker Processing Jobs
Amazon SageMaker Training Jobs
AWS Service Catalog
Amazon Simple Email Service (SES)
Amazon Simple Notification Service (SNS) sns:ListTopics
Amazon Simple Queue Service (SQS) sqs:ListQueues
AWS Systems Manager - Run Command
AWS Step Functions
AWS Storage Gateway storagegateway:ListGateways
Amazon SWF swf:ListDomains
Amazon Textract
AWS IoT Things Graph
AWS Transfer Family transfer:ListServers
AWS Transit Gateway ec2:DescribeTransitGateways
Amazon Translate
AWS Trusted Advisor
AWS API Usage
AWS Site-to-Site VPN ec2:DescribeVpnConnections
AWS WAF Classic
AWS WAF
Amazon WorkMail workmail:ListOrganizations
Amazon WorkSpaces workspaces:DescribeWorkspaces

Example of JSON policy for one single service.

JSON policy for Amazon API Gateway

{



"Version": "2012-10-17",



"Statement": [



{



"Sid": "VisualEditor0",



"Effect": "Allow",



"Action": [



"apigateway:GET",



"cloudwatch:GetMetricData",



"cloudwatch:GetMetricStatistics",



"cloudwatch:ListMetrics",



"sts:GetCallerIdentity",



"tag:GetResources",



"tag:GetTagKeys",



"ec2:DescribeAvailabilityZones"



],



"Resource": "*"



}



]



}

In this example, from the complete list of permissions you need to select

  • "apigateway:GET" for Amazon API Gateway
  • "cloudwatch:GetMetricData", "cloudwatch:GetMetricStatistics", "cloudwatch:ListMetrics", "sts:GetCallerIdentity", "tag:GetResources", "tag:GetTagKeys", and "ec2:DescribeAvailabilityZones" for All AWS cloud services.

AWS endpoints that need to be reachable from ActiveGate with corresponding AWS services

Endpoint Service
autoscaling.<REGION>.amazonaws.com Amazon EC2 Auto Scaling (built-in), Amazon EC2 Auto Scaling
lambda.<REGION>.amazonaws.com AWS Lambda (built-in), AWS Lambda
elasticloadbalancing.<REGION>.amazonaws.com Amazon Application and Network Load Balancer (built-in), Amazon Elastic Load Balancer (ELB) (built-in)
dynamodb.<REGION>.amazonaws.com Amazon DynamoDB (built-in), Amazon DynamoDB
ec2.<REGION>.amazonaws.com Amazon EBS (built-in), Amazon EC2 (built-in), Amazon EBS, Amazon EC2 Spot Fleet, Amazon VPC NAT Gateways, AWS Transit Gateway, AWS Site-to-Site VPN
rds.<REGION>.amazonaws.com Amazon RDS (built-in), Amazon Aurora, Amazon DocumentDB, Amazon Neptune, Amazon RDS
s3.<REGION>.amazonaws.com Amazon S3 (built-in)
acm-pca.<REGION>.amazonaws.com AWS Certificate Manager Private Certificate Authority
apigateway.<REGION>.amazonaws.com Amazon API Gateway
apprunner.<REGION>.amazonaws.com AWS App Runner
appstream2.<REGION>.amazonaws.com Amazon AppStream
appsync.<REGION>.amazonaws.com AWS AppSync
athena.<REGION>.amazonaws.com Amazon Athena
cloudfront.amazonaws.com Amazon CloudFront
cloudhsmv2.<REGION>.amazonaws.com AWS CloudHSM
cloudsearch.<REGION>.amazonaws.com Amazon CloudSearch
codebuild.<REGION>.amazonaws.com AWS CodeBuild
datasync.<REGION>.amazonaws.com AWS DataSync
dax.<REGION>.amazonaws.com Amazon DynamoDB Accelerator (DAX)
dms.<REGION>.amazonaws.com AWS Database Migration Service (AWS DMS)
directconnect.<REGION>.amazonaws.com AWS Direct Connect
ecs.<REGION>.amazonaws.com Amazon Elastic Container Service (ECS), Amazon ECS Container Insights
elasticfilesystem.<REGION>.amazonaws.com Amazon Elastic File System (EFS)
eks.<REGION>.amazonaws.com Amazon Elastic Kubernetes Service (EKS)
elasticache.<REGION>.amazonaws.com Amazon ElastiCache (EC)
elasticbeanstalk.<REGION>.amazonaws.com AWS Elastic Beanstalk
elastictranscoder.<REGION>.amazonaws.com Amazon Elastic Transcoder
es.<REGION>.amazonaws.com Amazon Elasticsearch Service (ES)
events.<REGION>.amazonaws.com Amazon EventBridge
fsx.<REGION>.amazonaws.com Amazon FSx
gamelift.<REGION>.amazonaws.com Amazon GameLift
glue.<REGION>.amazonaws.com AWS Glue
inspector.<REGION>.amazonaws.com Amazon Inspector
kafka.<REGION>.amazonaws.com Amazon Managed Streaming for Kafka
models.lex.<REGION>.amazonaws.com Amazon Lex
logs.<REGION>.amazonaws.com Amazon CloudWatch Logs
api.mediatailor.<REGION>.amazonaws.com AWS Elemental MediaTailor
mediaconnect.<REGION>.amazonaws.com AWS Elemental MediaConnect
mediapackage.<REGION>.amazonaws.com AWS Elemental MediaPackage Live
mediapackage-vod.<REGION>.amazonaws.com AWS Elemental MediaPackage Video on Demand
opsworks.<REGION>.amazonaws.com AWS OpsWorks
qldb.<REGION>.amazonaws.com Amazon QLDB
redshift.<REGION>.amazonaws.com Amazon Redshift
robomaker.<REGION>.amazonaws.com AWS RoboMaker
route53.amazonaws.com Amazon Route 53
route53resolver.<REGION>.amazonaws.com Amazon Route 53 Resolver
api.sagemaker.<REGION>.amazonaws.com Amazon SageMaker Endpoints, Amazon SageMaker Endpoint Instances
sns.<REGION>.amazonaws.com Amazon Simple Notification Service (SNS)
sqs.<REGION>.amazonaws.com Amazon Simple Queue Service (SQS)
storagegateway.<REGION>.amazonaws.com AWS Storage Gateway
swf.<REGION>.amazonaws.com Amazon SWF
transfer.<REGION>.amazonaws.com AWS Transfer Family
workmail.<REGION>.amazonaws.com Amazon WorkMail
workspaces.<REGION>.amazonaws.com Amazon WorkSpaces

Enable monitoring

To learn how to enable service monitoring, see Enable service monitoring.

View service metrics

You can view the service metrics in your Dynatrace environment either on the custom device overview page or on your Dashboards page.

View metrics on the custom device overview page

To access the custom device overview page

  1. Go to Technologies Technologies & Processes Classic.
  2. Filter by service name and select the relevant custom device group.
  3. Once you select the custom device group, you're on the custom device group overview page.
  4. The custom device group overview page lists all instances (custom devices) belonging to the group. Select an instance to view the custom device overview page.

View metrics on your dashboard

After you add the service to monitoring, a preset dashboard containing all recommended metrics is automatically listed on your Dashboards page. To look for specific dashboards, filter by Preset and then by Name.

AWS presets

For existing monitored services, you might need to resave your credentials for the preset dashboard to appear on the Dashboards page. To resave your credentials, go to Settings > Cloud and virtualization > AWS, select the desired AWS instance, and then select Save.

You can't make changes on a preset dashboard directly, but you can clone and edit it. To clone a dashboard, open the browse menu (…) and select Clone.

To remove a dashboard from the dashboards page, you can hide it. To hide a dashboard, open the browse menu (…) and select Hide.

Hiding a dashboard doesn't affect other users.

Clone hide AWS

To check the availability of preset dashboards for each AWS service, see the list below.

Preset dashboard availability list

AWS service Preset dashboard
Amazon EC2 Auto Scaling (built-in) Not applicable
AWS Lambda (built-in) Not applicable
Amazon Application and Network Load Balancer (built-in) Not applicable
Amazon DynamoDB (built-in) Not applicable
Amazon EBS (built-in) Not applicable
Amazon EC2 (built-in) Not applicable
Amazon Elastic Load Balancer (ELB) (built-in) Not applicable
Amazon RDS (built-in) Not applicable
Amazon S3 (built-in) Not applicable
AWS Certificate Manager Private Certificate Authority Not applicable
All monitored Amazon services Not applicable
Amazon API Gateway Not applicable
AWS App Runner Not applicable
Amazon AppStream Applicable
AWS AppSync Applicable
Amazon Athena Applicable
Amazon Aurora Not applicable
Amazon EC2 Auto Scaling Applicable
AWS Billing Applicable
Amazon Keyspaces Applicable
AWS Chatbot Applicable
Amazon CloudFront Not applicable
AWS CloudHSM Applicable
Amazon CloudSearch Applicable
AWS CodeBuild Applicable
Amazon Cognito Not applicable
Amazon Connect Applicable
AWS DataSync Applicable
Amazon DynamoDB Accelerator (DAX) Applicable
AWS Database Migration Service (AWS DMS) Applicable
Amazon DocumentDB Applicable
AWS Direct Connect Applicable
Amazon DynamoDB Not applicable
Amazon EBS Not applicable
Amazon EC2 Spot Fleet Not applicable
Amazon EC2 API Applicable
Amazon Elastic Container Service (ECS) Not applicable
Amazon ECS Container Insights Applicable
Amazon Elastic File System (EFS) Not applicable
Amazon Elastic Kubernetes Service (EKS) Applicable
Amazon ElastiCache (EC) Not applicable
AWS Elastic Beanstalk Applicable
Amazon Elastic Inference Applicable
Amazon Elastic Transcoder Applicable
Amazon Elastic Map Reduce (EMR) Not applicable
Amazon Elasticsearch Service (ES) Not applicable
Amazon EventBridge Applicable
Amazon FSx Applicable
Amazon GameLift Applicable
AWS Glue Not applicable
Amazon Inspector Applicable
AWS Internet of Things (IoT) Not applicable
AWS IoT Things Graph Applicable
AWS IoT Analytics Applicable
Amazon Managed Streaming for Kafka Applicable
Amazon Kinesis Data Analytics Not applicable
Amazon Data Firehose Not applicable
Amazon Kinesis Data Streams Not applicable
Amazon Kinesis Video Streams Not applicable
AWS Lambda Not applicable
Amazon Lex Applicable
Amazon CloudWatch Logs Applicable
AWS Elemental MediaTailor Applicable
AWS Elemental MediaConnect Applicable
AWS Elemental MediaConvert Applicable
AWS Elemental MediaPackage Live Applicable
AWS Elemental MediaPackage Video on Demand Applicable
Amazon MQ Applicable
Amazon VPC NAT Gateways Not applicable
Amazon Neptune Applicable
AWS OpsWorks Applicable
Amazon Polly Applicable
Amazon QLDB Applicable
Amazon RDS Not applicable
Amazon Redshift Not applicable
Amazon Rekognition Applicable
AWS RoboMaker Applicable
Amazon Route 53 Applicable
Amazon Route 53 Resolver Applicable
Amazon S3 Not applicable
Amazon SageMaker Batch Transform Jobs Not applicable
Amazon SageMaker Endpoints Not applicable
Amazon SageMaker Endpoint Instances Not applicable
Amazon SageMaker Ground Truth Not applicable
Amazon SageMaker Processing Jobs Not applicable
Amazon SageMaker Training Jobs Not applicable
AWS Service Catalog Applicable
Amazon Simple Email Service (SES) Not applicable
Amazon Simple Notification Service (SNS) Not applicable
Amazon Simple Queue Service (SQS) Not applicable
AWS Systems Manager - Run Command Applicable
AWS Step Functions Applicable
AWS Storage Gateway Applicable
Amazon SWF Applicable
Amazon Textract Applicable
AWS Transfer Family Applicable
AWS Transit Gateway Applicable
Amazon Translate Applicable
AWS Trusted Advisor Applicable
AWS API Usage Applicable
AWS Site-to-Site VPN Applicable
AWS WAF Classic Applicable
AWS WAF Applicable
Amazon WorkMail Applicable
Amazon WorkSpaces Applicable

Family

Available metrics

ServerId is the main dimension.

Name Description Unit Statistics Dimensions Recommended
BytesIn The total number of bytes transferred into the server Bytes Sum ServerId Applicable
BytesOut The total number of bytes transferred out of the server Bytes Sum ServerId Applicable

Source: aws-service-transit-gateway.md


title: AWS Transit Gateway monitoring source: https://www.dynatrace.com/docs/ingest-from/amazon-web-services/integrate-with-aws/aws-all-services/aws-service-transit-gateway scraped: 2026-02-17T05:11:52.881539


AWS Transit Gateway monitoring

AWS Transit Gateway monitoring

  • How-to guide
  • 3-min read
  • Published Sep 08, 2020

Dynatrace ingests metrics for multiple preselected namespaces, including AWS Transit Gateway. You can view metrics for each service instance, split metrics into multiple dimensions, and create custom charts that you can pin to your dashboards.

Prerequisites

To enable monitoring for this service, you need

  • ActiveGate version 1.197+

  • For Dynatrace SaaS deployments, you need an Environment ActiveGate or a Multi-environment ActiveGate.

For role-based access in a SaaS deployment, you need an Environment ActiveGate installed on an Amazon EC2 host.

To update the AWS IAM policy, use the JSON below, containing the monitoring policy (permissions) for all supporting services.

JSON predefined policy for all supporting services

{



"Version": "2012-10-17",



"Statement": [



{



"Sid": "VisualEditor0",



"Effect": "Allow",



"Action": [



"acm-pca:ListCertificateAuthorities",



"apigateway:GET",



"apprunner:ListServices",



"appstream:DescribeFleets",



"appsync:ListGraphqlApis",



"athena:ListWorkGroups",



"autoscaling:DescribeAutoScalingGroups",



"cloudformation:ListStackResources",



"cloudfront:ListDistributions",



"cloudhsm:DescribeClusters",



"cloudsearch:DescribeDomains",



"cloudwatch:GetMetricData",



"cloudwatch:GetMetricStatistics",



"cloudwatch:ListMetrics",



"codebuild:ListProjects",



"datasync:ListTasks",



"dax:DescribeClusters",



"directconnect:DescribeConnections",



"dms:DescribeReplicationInstances",



"dynamodb:ListTables",



"dynamodb:ListTagsOfResource",



"ec2:DescribeAvailabilityZones",



"ec2:DescribeInstances",



"ec2:DescribeNatGateways",



"ec2:DescribeSpotFleetRequests",



"ec2:DescribeTransitGateways",



"ec2:DescribeVolumes",



"ec2:DescribeVpnConnections",



"ecs:ListClusters",



"eks:ListClusters",



"elasticache:DescribeCacheClusters",



"elasticbeanstalk:DescribeEnvironmentResources",



"elasticbeanstalk:DescribeEnvironments",



"elasticfilesystem:DescribeFileSystems",



"elasticloadbalancing:DescribeInstanceHealth",



"elasticloadbalancing:DescribeListeners",



"elasticloadbalancing:DescribeLoadBalancers",



"elasticloadbalancing:DescribeRules",



"elasticloadbalancing:DescribeTags",



"elasticloadbalancing:DescribeTargetHealth",



"elasticmapreduce:ListClusters",



"elastictranscoder:ListPipelines",



"es:ListDomainNames",



"events:ListEventBuses",



"firehose:ListDeliveryStreams",



"fsx:DescribeFileSystems",



"gamelift:ListFleets",



"glue:GetJobs",



"inspector:ListAssessmentTemplates",



"kafka:ListClusters",



"kinesis:ListStreams",



"kinesisanalytics:ListApplications",



"kinesisvideo:ListStreams",



"lambda:ListFunctions",



"lambda:ListTags",



"lex:GetBots",



"logs:DescribeLogGroups",



"mediaconnect:ListFlows",



"mediaconvert:DescribeEndpoints",



"mediapackage-vod:ListPackagingConfigurations",



"mediapackage:ListChannels",



"mediatailor:ListPlaybackConfigurations",



"opsworks:DescribeStacks",



"qldb:ListLedgers",



"rds:DescribeDBClusters",



"rds:DescribeDBInstances",



"rds:DescribeEvents",



"rds:ListTagsForResource",



"redshift:DescribeClusters",



"robomaker:ListSimulationJobs",



"route53:ListHostedZones",



"route53resolver:ListResolverEndpoints",



"s3:ListAllMyBuckets",



"sagemaker:ListEndpoints",



"sns:ListTopics",



"sqs:ListQueues",



"storagegateway:ListGateways",



"sts:GetCallerIdentity",



"swf:ListDomains",



"tag:GetResources",



"tag:GetTagKeys",



"transfer:ListServers",



"workmail:ListOrganizations",



"workspaces:DescribeWorkspaces"



],



"Resource": "*"



}



]



}

If you don't want to add permissions to all services, and just select permissions for certain services, consult the table below. The table contains a set of permissions that are required for All AWS cloud services and, for each supporting service, a list of optional permissions specific to that service.

Permissions required for AWS monitoring integration:

  • "cloudwatch:GetMetricData"
  • "cloudwatch:GetMetricStatistics"
  • "cloudwatch:ListMetrics"
  • "sts:GetCallerIdentity"
  • "tag:GetResources"
  • "tag:GetTagKeys"
  • "ec2:DescribeAvailabilityZones"

Complete list of permissions for cloud services

Name Permissions
All monitored Amazon services Required cloudwatch:GetMetricData, cloudwatch:GetMetricStatistics, cloudwatch:ListMetrics, sts:GetCallerIdentity, tag:GetResources, tag:GetTagKeys, ec2:DescribeAvailabilityZones
AWS Certificate Manager Private Certificate Authority acm-pca:ListCertificateAuthorities
Amazon MQ
Amazon API Gateway apigateway:GET
AWS App Runner apprunner:ListServices
Amazon AppStream appstream:DescribeFleets
AWS AppSync appsync:ListGraphqlApis
Amazon Athena athena:ListWorkGroups
Amazon Aurora rds:DescribeDBClusters
Amazon EC2 Auto Scaling autoscaling:DescribeAutoScalingGroups
Amazon EC2 Auto Scaling (built-in) autoscaling:DescribeAutoScalingGroups
AWS Billing
Amazon Keyspaces
AWS Chatbot
Amazon CloudFront cloudfront:ListDistributions
AWS CloudHSM cloudhsm:DescribeClusters
Amazon CloudSearch cloudsearch:DescribeDomains
AWS CodeBuild codebuild:ListProjects
Amazon Cognito
Amazon Connect
Amazon Elastic Kubernetes Service (EKS) eks:ListClusters
AWS DataSync datasync:ListTasks
Amazon DynamoDB Accelerator (DAX) dax:DescribeClusters
AWS Database Migration Service (AWS DMS) dms:DescribeReplicationInstances
Amazon DocumentDB rds:DescribeDBClusters
AWS Direct Connect directconnect:DescribeConnections
Amazon DynamoDB dynamodb:ListTables
Amazon DynamoDB (built-in) dynamodb:ListTables, dynamodb:ListTagsOfResource
Amazon EBS ec2:DescribeVolumes
Amazon EBS (built-in) ec2:DescribeVolumes
Amazon EC2 API
Amazon EC2 (built-in) ec2:DescribeInstances
Amazon EC2 Spot Fleet ec2:DescribeSpotFleetRequests
Amazon Elastic Container Service (ECS) ecs:ListClusters
Amazon ECS Container Insights ecs:ListClusters
Amazon ElastiCache (EC) elasticache:DescribeCacheClusters
AWS Elastic Beanstalk elasticbeanstalk:DescribeEnvironments
Amazon Elastic File System (EFS) elasticfilesystem:DescribeFileSystems
Amazon Elastic Inference
Amazon Elastic Map Reduce (EMR) elasticmapreduce:ListClusters
Amazon Elasticsearch Service (ES) es:ListDomainNames
Amazon Elastic Transcoder elastictranscoder:ListPipelines
Amazon Elastic Load Balancer (ELB) (built-in) elasticloadbalancing:DescribeInstanceHealth, elasticloadbalancing:DescribeListeners, elasticloadbalancing:DescribeLoadBalancers, elasticloadbalancing:DescribeRules, elasticloadbalancing:DescribeTags, elasticloadbalancing:DescribeTargetHealth
Amazon EventBridge events:ListEventBuses
Amazon FSx fsx:DescribeFileSystems
Amazon GameLift gamelift:ListFleets
AWS Glue glue:GetJobs
Amazon Inspector inspector:ListAssessmentTemplates
AWS Internet of Things (IoT)
AWS IoT Analytics
Amazon Managed Streaming for Kafka kafka:ListClusters
Amazon Kinesis Data Analytics kinesisanalytics:ListApplications
Amazon Data Firehose firehose:ListDeliveryStreams
Amazon Kinesis Data Streams kinesis:ListStreams
Amazon Kinesis Video Streams kinesisvideo:ListStreams
AWS Lambda lambda:ListFunctions
AWS Lambda (built-in) lambda:ListFunctions, lambda:ListTags
Amazon Lex lex:GetBots
Amazon Application and Network Load Balancer (built-in) elasticloadbalancing:DescribeInstanceHealth, elasticloadbalancing:DescribeListeners, elasticloadbalancing:DescribeLoadBalancers, elasticloadbalancing:DescribeRules, elasticloadbalancing:DescribeTags, elasticloadbalancing:DescribeTargetHealth
Amazon CloudWatch Logs logs:DescribeLogGroups
AWS Elemental MediaConnect mediaconnect:ListFlows
AWS Elemental MediaConvert mediaconvert:DescribeEndpoints
AWS Elemental MediaPackage Live mediapackage:ListChannels
AWS Elemental MediaPackage Video on Demand mediapackage-vod:ListPackagingConfigurations
AWS Elemental MediaTailor mediatailor:ListPlaybackConfigurations
Amazon VPC NAT Gateways ec2:DescribeNatGateways
Amazon Neptune rds:DescribeDBClusters
AWS OpsWorks opsworks:DescribeStacks
Amazon Polly
Amazon QLDB qldb:ListLedgers
Amazon RDS rds:DescribeDBInstances
Amazon RDS (built-in) rds:DescribeDBInstances, rds:DescribeEvents, rds:ListTagsForResource
Amazon Redshift redshift:DescribeClusters
Amazon Rekognition
AWS RoboMaker robomaker:ListSimulationJobs
Amazon Route 53 route53:ListHostedZones
Amazon Route 53 Resolver route53resolver:ListResolverEndpoints
Amazon S3 s3:ListAllMyBuckets
Amazon S3 (built-in) s3:ListAllMyBuckets
Amazon SageMaker Batch Transform Jobs
Amazon SageMaker Endpoint Instances sagemaker:ListEndpoints
Amazon SageMaker Endpoints sagemaker:ListEndpoints
Amazon SageMaker Ground Truth
Amazon SageMaker Processing Jobs
Amazon SageMaker Training Jobs
AWS Service Catalog
Amazon Simple Email Service (SES)
Amazon Simple Notification Service (SNS) sns:ListTopics
Amazon Simple Queue Service (SQS) sqs:ListQueues
AWS Systems Manager - Run Command
AWS Step Functions
AWS Storage Gateway storagegateway:ListGateways
Amazon SWF swf:ListDomains
Amazon Textract
AWS IoT Things Graph
AWS Transfer Family transfer:ListServers
AWS Transit Gateway ec2:DescribeTransitGateways
Amazon Translate
AWS Trusted Advisor
AWS API Usage
AWS Site-to-Site VPN ec2:DescribeVpnConnections
AWS WAF Classic
AWS WAF
Amazon WorkMail workmail:ListOrganizations
Amazon WorkSpaces workspaces:DescribeWorkspaces

Example of JSON policy for one single service.

JSON policy for Amazon API Gateway

{



"Version": "2012-10-17",



"Statement": [



{



"Sid": "VisualEditor0",



"Effect": "Allow",



"Action": [



"apigateway:GET",



"cloudwatch:GetMetricData",



"cloudwatch:GetMetricStatistics",



"cloudwatch:ListMetrics",



"sts:GetCallerIdentity",



"tag:GetResources",



"tag:GetTagKeys",



"ec2:DescribeAvailabilityZones"



],



"Resource": "*"



}



]



}

In this example, from the complete list of permissions you need to select

  • "apigateway:GET" for Amazon API Gateway
  • "cloudwatch:GetMetricData", "cloudwatch:GetMetricStatistics", "cloudwatch:ListMetrics", "sts:GetCallerIdentity", "tag:GetResources", "tag:GetTagKeys", and "ec2:DescribeAvailabilityZones" for All AWS cloud services.

AWS endpoints that need to be reachable from ActiveGate with corresponding AWS services

Endpoint Service
autoscaling.<REGION>.amazonaws.com Amazon EC2 Auto Scaling (built-in), Amazon EC2 Auto Scaling
lambda.<REGION>.amazonaws.com AWS Lambda (built-in), AWS Lambda
elasticloadbalancing.<REGION>.amazonaws.com Amazon Application and Network Load Balancer (built-in), Amazon Elastic Load Balancer (ELB) (built-in)
dynamodb.<REGION>.amazonaws.com Amazon DynamoDB (built-in), Amazon DynamoDB
ec2.<REGION>.amazonaws.com Amazon EBS (built-in), Amazon EC2 (built-in), Amazon EBS, Amazon EC2 Spot Fleet, Amazon VPC NAT Gateways, AWS Transit Gateway, AWS Site-to-Site VPN
rds.<REGION>.amazonaws.com Amazon RDS (built-in), Amazon Aurora, Amazon DocumentDB, Amazon Neptune, Amazon RDS
s3.<REGION>.amazonaws.com Amazon S3 (built-in)
acm-pca.<REGION>.amazonaws.com AWS Certificate Manager Private Certificate Authority
apigateway.<REGION>.amazonaws.com Amazon API Gateway
apprunner.<REGION>.amazonaws.com AWS App Runner
appstream2.<REGION>.amazonaws.com Amazon AppStream
appsync.<REGION>.amazonaws.com AWS AppSync
athena.<REGION>.amazonaws.com Amazon Athena
cloudfront.amazonaws.com Amazon CloudFront
cloudhsmv2.<REGION>.amazonaws.com AWS CloudHSM
cloudsearch.<REGION>.amazonaws.com Amazon CloudSearch
codebuild.<REGION>.amazonaws.com AWS CodeBuild
datasync.<REGION>.amazonaws.com AWS DataSync
dax.<REGION>.amazonaws.com Amazon DynamoDB Accelerator (DAX)
dms.<REGION>.amazonaws.com AWS Database Migration Service (AWS DMS)
directconnect.<REGION>.amazonaws.com AWS Direct Connect
ecs.<REGION>.amazonaws.com Amazon Elastic Container Service (ECS), Amazon ECS Container Insights
elasticfilesystem.<REGION>.amazonaws.com Amazon Elastic File System (EFS)
eks.<REGION>.amazonaws.com Amazon Elastic Kubernetes Service (EKS)
elasticache.<REGION>.amazonaws.com Amazon ElastiCache (EC)
elasticbeanstalk.<REGION>.amazonaws.com AWS Elastic Beanstalk
elastictranscoder.<REGION>.amazonaws.com Amazon Elastic Transcoder
es.<REGION>.amazonaws.com Amazon Elasticsearch Service (ES)
events.<REGION>.amazonaws.com Amazon EventBridge
fsx.<REGION>.amazonaws.com Amazon FSx
gamelift.<REGION>.amazonaws.com Amazon GameLift
glue.<REGION>.amazonaws.com AWS Glue
inspector.<REGION>.amazonaws.com Amazon Inspector
kafka.<REGION>.amazonaws.com Amazon Managed Streaming for Kafka
models.lex.<REGION>.amazonaws.com Amazon Lex
logs.<REGION>.amazonaws.com Amazon CloudWatch Logs
api.mediatailor.<REGION>.amazonaws.com AWS Elemental MediaTailor
mediaconnect.<REGION>.amazonaws.com AWS Elemental MediaConnect
mediapackage.<REGION>.amazonaws.com AWS Elemental MediaPackage Live
mediapackage-vod.<REGION>.amazonaws.com AWS Elemental MediaPackage Video on Demand
opsworks.<REGION>.amazonaws.com AWS OpsWorks
qldb.<REGION>.amazonaws.com Amazon QLDB
redshift.<REGION>.amazonaws.com Amazon Redshift
robomaker.<REGION>.amazonaws.com AWS RoboMaker
route53.amazonaws.com Amazon Route 53
route53resolver.<REGION>.amazonaws.com Amazon Route 53 Resolver
api.sagemaker.<REGION>.amazonaws.com Amazon SageMaker Endpoints, Amazon SageMaker Endpoint Instances
sns.<REGION>.amazonaws.com Amazon Simple Notification Service (SNS)
sqs.<REGION>.amazonaws.com Amazon Simple Queue Service (SQS)
storagegateway.<REGION>.amazonaws.com AWS Storage Gateway
swf.<REGION>.amazonaws.com Amazon SWF
transfer.<REGION>.amazonaws.com AWS Transfer Family
workmail.<REGION>.amazonaws.com Amazon WorkMail
workspaces.<REGION>.amazonaws.com Amazon WorkSpaces

Enable monitoring

To learn how to enable service monitoring, see Enable service monitoring.

View service metrics

You can view the service metrics in your Dynatrace environment either on the custom device overview page or on your Dashboards page.

View metrics on the custom device overview page

To access the custom device overview page

  1. Go to Technologies Technologies & Processes Classic.
  2. Filter by service name and select the relevant custom device group.
  3. Once you select the custom device group, you're on the custom device group overview page.
  4. The custom device group overview page lists all instances (custom devices) belonging to the group. Select an instance to view the custom device overview page.

TransitGateway is a cross-account service, meaning multiple accounts may monitor one TransitGateway. Dynatrace keeps metrics separate for each monitored account that monitors the same TransitGateway instance.

View metrics on your dashboard

After you add the service to monitoring, a preset dashboard containing all recommended metrics is automatically listed on your Dashboards page. To look for specific dashboards, filter by Preset and then by Name.

AWS presets

For existing monitored services, you might need to resave your credentials for the preset dashboard to appear on the Dashboards page. To resave your credentials, go to Settings > Cloud and virtualization > AWS, select the desired AWS instance, and then select Save.

You can't make changes on a preset dashboard directly, but you can clone and edit it. To clone a dashboard, open the browse menu (…) and select Clone.

To remove a dashboard from the dashboards page, you can hide it. To hide a dashboard, open the browse menu (…) and select Hide.

Hiding a dashboard doesn't affect other users.

Clone hide AWS

To check the availability of preset dashboards for each AWS service, see the list below.

Preset dashboard availability list

AWS service Preset dashboard
Amazon EC2 Auto Scaling (built-in) Not applicable
AWS Lambda (built-in) Not applicable
Amazon Application and Network Load Balancer (built-in) Not applicable
Amazon DynamoDB (built-in) Not applicable
Amazon EBS (built-in) Not applicable
Amazon EC2 (built-in) Not applicable
Amazon Elastic Load Balancer (ELB) (built-in) Not applicable
Amazon RDS (built-in) Not applicable
Amazon S3 (built-in) Not applicable
AWS Certificate Manager Private Certificate Authority Not applicable
All monitored Amazon services Not applicable
Amazon API Gateway Not applicable
AWS App Runner Not applicable
Amazon AppStream Applicable
AWS AppSync Applicable
Amazon Athena Applicable
Amazon Aurora Not applicable
Amazon EC2 Auto Scaling Applicable
AWS Billing Applicable
Amazon Keyspaces Applicable
AWS Chatbot Applicable
Amazon CloudFront Not applicable
AWS CloudHSM Applicable
Amazon CloudSearch Applicable
AWS CodeBuild Applicable
Amazon Cognito Not applicable
Amazon Connect Applicable
AWS DataSync Applicable
Amazon DynamoDB Accelerator (DAX) Applicable
AWS Database Migration Service (AWS DMS) Applicable
Amazon DocumentDB Applicable
AWS Direct Connect Applicable
Amazon DynamoDB Not applicable
Amazon EBS Not applicable
Amazon EC2 Spot Fleet Not applicable
Amazon EC2 API Applicable
Amazon Elastic Container Service (ECS) Not applicable
Amazon ECS Container Insights Applicable
Amazon Elastic File System (EFS) Not applicable
Amazon Elastic Kubernetes Service (EKS) Applicable
Amazon ElastiCache (EC) Not applicable
AWS Elastic Beanstalk Applicable
Amazon Elastic Inference Applicable
Amazon Elastic Transcoder Applicable
Amazon Elastic Map Reduce (EMR) Not applicable
Amazon Elasticsearch Service (ES) Not applicable
Amazon EventBridge Applicable
Amazon FSx Applicable
Amazon GameLift Applicable
AWS Glue Not applicable
Amazon Inspector Applicable
AWS Internet of Things (IoT) Not applicable
AWS IoT Things Graph Applicable
AWS IoT Analytics Applicable
Amazon Managed Streaming for Kafka Applicable
Amazon Kinesis Data Analytics Not applicable
Amazon Data Firehose Not applicable
Amazon Kinesis Data Streams Not applicable
Amazon Kinesis Video Streams Not applicable
AWS Lambda Not applicable
Amazon Lex Applicable
Amazon CloudWatch Logs Applicable
AWS Elemental MediaTailor Applicable
AWS Elemental MediaConnect Applicable
AWS Elemental MediaConvert Applicable
AWS Elemental MediaPackage Live Applicable
AWS Elemental MediaPackage Video on Demand Applicable
Amazon MQ Applicable
Amazon VPC NAT Gateways Not applicable
Amazon Neptune Applicable
AWS OpsWorks Applicable
Amazon Polly Applicable
Amazon QLDB Applicable
Amazon RDS Not applicable
Amazon Redshift Not applicable
Amazon Rekognition Applicable
AWS RoboMaker Applicable
Amazon Route 53 Applicable
Amazon Route 53 Resolver Applicable
Amazon S3 Not applicable
Amazon SageMaker Batch Transform Jobs Not applicable
Amazon SageMaker Endpoints Not applicable
Amazon SageMaker Endpoint Instances Not applicable
Amazon SageMaker Ground Truth Not applicable
Amazon SageMaker Processing Jobs Not applicable
Amazon SageMaker Training Jobs Not applicable
AWS Service Catalog Applicable
Amazon Simple Email Service (SES) Not applicable
Amazon Simple Notification Service (SNS) Not applicable
Amazon Simple Queue Service (SQS) Not applicable
AWS Systems Manager - Run Command Applicable
AWS Step Functions Applicable
AWS Storage Gateway Applicable
Amazon SWF Applicable
Amazon Textract Applicable
AWS Transfer Family Applicable
AWS Transit Gateway Applicable
Amazon Translate Applicable
AWS Trusted Advisor Applicable
AWS API Usage Applicable
AWS Site-to-Site VPN Applicable
AWS WAF Classic Applicable
AWS WAF Applicable
Amazon WorkMail Applicable
Amazon WorkSpaces Applicable

Transit

Available metrics

TransitGateway is the main dimension.

Name Description Unit Statistics Dimensions Recommended
BytesDropCountBlackhole The number of bytes dropped because they matched a black hole route Count Sum TransitGateway, TransitGatewayAttachment
BytesDropCountBlackhole Count Sum TransitGateway Applicable
BytesDropCountNoRoute The number of bytes dropped because they did not match a route Count Sum TransitGateway, TransitGatewayAttachment
BytesDropCountNoRoute Count Sum TransitGateway Applicable
BytesIn The number of bytes received by the transit gateway Bytes Sum TransitGateway, TransitGatewayAttachment
BytesIn Bytes Sum TransitGateway Applicable
BytesOut The number of packets sent by the transit gateway Bytes Sum TransitGateway, TransitGatewayAttachment
BytesOut Bytes Sum TransitGateway Applicable
IGMPJoins The number of IGMP Join messages received by the transit gateway Count Sum TransitGateway, TransitGatewayAttachment
IGMPQueries The number of IGMP Query messages received by the transit gateway Count Sum TransitGateway, TransitGatewayAttachment
IGMPReceives The number of IGMP Leave messages received by the transit gateway Count Sum TransitGateway, TransitGatewayAttachment
MulticastBytesIn The number of multicast bytes received by the transit gateway Bytes Sum TransitGateway, TransitGatewayAttachment
MulticastBytesOut The number of multicast bytes sent from the transit gateway Bytes Sum TransitGateway, TransitGatewayAttachment
MulticastPacketDropCount The number of multicast packets dropped Count Sum TransitGateway, TransitGatewayAttachment
MulticastPacketsIn The number of multicast packets received by the transit gateway Count Sum TransitGateway, TransitGatewayAttachment
MulticastPacketsOut The number of multicast packets sent by the transit gateway Count Sum TransitGateway, TransitGatewayAttachment
NumberofMulticastDomains The number of multicast domains configured on the transit gateway Count Sum TransitGateway
NumberofMulticastGroupMembers The number of multicast group members configured on the transit gateway Count Sum TransitGateway
PacketDropCountBlackhole The number of packets dropped because they matched a black hole route Count Sum TransitGateway, TransitGatewayAttachment
PacketDropCountBlackhole Count Sum TransitGateway Applicable
PacketDropCountNoRoute The number of packets dropped because they did not match a route Count Sum TransitGateway, TransitGatewayAttachment
PacketDropCountNoRoute Count Sum TransitGateway Applicable
PacketsIn The number of packets received by the transit gateway Count Sum TransitGateway, TransitGatewayAttachment
PacketsIn Count Sum TransitGateway Applicable
PacketsOut The number of packets sent by the transit gateway Count Sum TransitGateway, TransitGatewayAttachment
PacketsOut Count Sum TransitGateway Applicable

Source: aws-service-waf-classic.md


title: AWS WAF Classic monitoring source: https://www.dynatrace.com/docs/ingest-from/amazon-web-services/integrate-with-aws/aws-all-services/aws-service-waf-classic scraped: 2026-02-16T09:33:15.529474


AWS WAF Classic monitoring

AWS WAF Classic monitoring

  • How-to guide
  • 2-min read
  • Published Jul 06, 2020

Dynatrace ingests metrics for multiple preselected namespaces, including AWS WAF Classic. You can view metrics for each service instance, split metrics into multiple dimensions, and create custom charts that you can pin to your dashboards.

Prerequisites

To enable monitoring for this service, you need

  • ActiveGate version 1.197+

  • For Dynatrace SaaS deployments, you need an Environment ActiveGate or a Multi-environment ActiveGate.

For role-based access in SaaS deployment, you need an Environment ActiveGate installed on an Amazon EC2 host.

To update the AWS IAM policy, use the JSON below, containing the monitoring policy (permissions) for all supporting services.

JSON predefined policy for all supporting services

{



"Version": "2012-10-17",



"Statement": [



{



"Sid": "VisualEditor0",



"Effect": "Allow",



"Action": [



"acm-pca:ListCertificateAuthorities",



"apigateway:GET",



"apprunner:ListServices",



"appstream:DescribeFleets",



"appsync:ListGraphqlApis",



"athena:ListWorkGroups",



"autoscaling:DescribeAutoScalingGroups",



"cloudformation:ListStackResources",



"cloudfront:ListDistributions",



"cloudhsm:DescribeClusters",



"cloudsearch:DescribeDomains",



"cloudwatch:GetMetricData",



"cloudwatch:GetMetricStatistics",



"cloudwatch:ListMetrics",



"codebuild:ListProjects",



"datasync:ListTasks",



"dax:DescribeClusters",



"directconnect:DescribeConnections",



"dms:DescribeReplicationInstances",



"dynamodb:ListTables",



"dynamodb:ListTagsOfResource",



"ec2:DescribeAvailabilityZones",



"ec2:DescribeInstances",



"ec2:DescribeNatGateways",



"ec2:DescribeSpotFleetRequests",



"ec2:DescribeTransitGateways",



"ec2:DescribeVolumes",



"ec2:DescribeVpnConnections",



"ecs:ListClusters",



"eks:ListClusters",



"elasticache:DescribeCacheClusters",



"elasticbeanstalk:DescribeEnvironmentResources",



"elasticbeanstalk:DescribeEnvironments",



"elasticfilesystem:DescribeFileSystems",



"elasticloadbalancing:DescribeInstanceHealth",



"elasticloadbalancing:DescribeListeners",



"elasticloadbalancing:DescribeLoadBalancers",



"elasticloadbalancing:DescribeRules",



"elasticloadbalancing:DescribeTags",



"elasticloadbalancing:DescribeTargetHealth",



"elasticmapreduce:ListClusters",



"elastictranscoder:ListPipelines",



"es:ListDomainNames",



"events:ListEventBuses",



"firehose:ListDeliveryStreams",



"fsx:DescribeFileSystems",



"gamelift:ListFleets",



"glue:GetJobs",



"inspector:ListAssessmentTemplates",



"kafka:ListClusters",



"kinesis:ListStreams",



"kinesisanalytics:ListApplications",



"kinesisvideo:ListStreams",



"lambda:ListFunctions",



"lambda:ListTags",



"lex:GetBots",



"logs:DescribeLogGroups",



"mediaconnect:ListFlows",



"mediaconvert:DescribeEndpoints",



"mediapackage-vod:ListPackagingConfigurations",



"mediapackage:ListChannels",



"mediatailor:ListPlaybackConfigurations",



"opsworks:DescribeStacks",



"qldb:ListLedgers",



"rds:DescribeDBClusters",



"rds:DescribeDBInstances",



"rds:DescribeEvents",



"rds:ListTagsForResource",



"redshift:DescribeClusters",



"robomaker:ListSimulationJobs",



"route53:ListHostedZones",



"route53resolver:ListResolverEndpoints",



"s3:ListAllMyBuckets",



"sagemaker:ListEndpoints",



"sns:ListTopics",



"sqs:ListQueues",



"storagegateway:ListGateways",



"sts:GetCallerIdentity",



"swf:ListDomains",



"tag:GetResources",



"tag:GetTagKeys",



"transfer:ListServers",



"workmail:ListOrganizations",



"workspaces:DescribeWorkspaces"



],



"Resource": "*"



}



]



}

If you don't want to add permissions to all services, and just select permissions for certain services, consult the table below. The table contains a set of permissions that are required for All AWS cloud services and, for each supporting service, a list of optional permissions specific to that service.

Permissions required for AWS monitoring integration:

  • "cloudwatch:GetMetricData"
  • "cloudwatch:GetMetricStatistics"
  • "cloudwatch:ListMetrics"
  • "sts:GetCallerIdentity"
  • "tag:GetResources"
  • "tag:GetTagKeys"
  • "ec2:DescribeAvailabilityZones"

Complete list of permissions for cloud services

Name Permissions
All monitored Amazon services Required cloudwatch:GetMetricData, cloudwatch:GetMetricStatistics, cloudwatch:ListMetrics, sts:GetCallerIdentity, tag:GetResources, tag:GetTagKeys, ec2:DescribeAvailabilityZones
AWS Certificate Manager Private Certificate Authority acm-pca:ListCertificateAuthorities
Amazon MQ
Amazon API Gateway apigateway:GET
AWS App Runner apprunner:ListServices
Amazon AppStream appstream:DescribeFleets
AWS AppSync appsync:ListGraphqlApis
Amazon Athena athena:ListWorkGroups
Amazon Aurora rds:DescribeDBClusters
Amazon EC2 Auto Scaling autoscaling:DescribeAutoScalingGroups
Amazon EC2 Auto Scaling (built-in) autoscaling:DescribeAutoScalingGroups
AWS Billing
Amazon Keyspaces
AWS Chatbot
Amazon CloudFront cloudfront:ListDistributions
AWS CloudHSM cloudhsm:DescribeClusters
Amazon CloudSearch cloudsearch:DescribeDomains
AWS CodeBuild codebuild:ListProjects
Amazon Cognito
Amazon Connect
Amazon Elastic Kubernetes Service (EKS) eks:ListClusters
AWS DataSync datasync:ListTasks
Amazon DynamoDB Accelerator (DAX) dax:DescribeClusters
AWS Database Migration Service (AWS DMS) dms:DescribeReplicationInstances
Amazon DocumentDB rds:DescribeDBClusters
AWS Direct Connect directconnect:DescribeConnections
Amazon DynamoDB dynamodb:ListTables
Amazon DynamoDB (built-in) dynamodb:ListTables, dynamodb:ListTagsOfResource
Amazon EBS ec2:DescribeVolumes
Amazon EBS (built-in) ec2:DescribeVolumes
Amazon EC2 API
Amazon EC2 (built-in) ec2:DescribeInstances
Amazon EC2 Spot Fleet ec2:DescribeSpotFleetRequests
Amazon Elastic Container Service (ECS) ecs:ListClusters
Amazon ECS Container Insights ecs:ListClusters
Amazon ElastiCache (EC) elasticache:DescribeCacheClusters
AWS Elastic Beanstalk elasticbeanstalk:DescribeEnvironments
Amazon Elastic File System (EFS) elasticfilesystem:DescribeFileSystems
Amazon Elastic Inference
Amazon Elastic Map Reduce (EMR) elasticmapreduce:ListClusters
Amazon Elasticsearch Service (ES) es:ListDomainNames
Amazon Elastic Transcoder elastictranscoder:ListPipelines
Amazon Elastic Load Balancer (ELB) (built-in) elasticloadbalancing:DescribeInstanceHealth, elasticloadbalancing:DescribeListeners, elasticloadbalancing:DescribeLoadBalancers, elasticloadbalancing:DescribeRules, elasticloadbalancing:DescribeTags, elasticloadbalancing:DescribeTargetHealth
Amazon EventBridge events:ListEventBuses
Amazon FSx fsx:DescribeFileSystems
Amazon GameLift gamelift:ListFleets
AWS Glue glue:GetJobs
Amazon Inspector inspector:ListAssessmentTemplates
AWS Internet of Things (IoT)
AWS IoT Analytics
Amazon Managed Streaming for Kafka kafka:ListClusters
Amazon Kinesis Data Analytics kinesisanalytics:ListApplications
Amazon Data Firehose firehose:ListDeliveryStreams
Amazon Kinesis Data Streams kinesis:ListStreams
Amazon Kinesis Video Streams kinesisvideo:ListStreams
AWS Lambda lambda:ListFunctions
AWS Lambda (built-in) lambda:ListFunctions, lambda:ListTags
Amazon Lex lex:GetBots
Amazon Application and Network Load Balancer (built-in) elasticloadbalancing:DescribeInstanceHealth, elasticloadbalancing:DescribeListeners, elasticloadbalancing:DescribeLoadBalancers, elasticloadbalancing:DescribeRules, elasticloadbalancing:DescribeTags, elasticloadbalancing:DescribeTargetHealth
Amazon CloudWatch Logs logs:DescribeLogGroups
AWS Elemental MediaConnect mediaconnect:ListFlows
AWS Elemental MediaConvert mediaconvert:DescribeEndpoints
AWS Elemental MediaPackage Live mediapackage:ListChannels
AWS Elemental MediaPackage Video on Demand mediapackage-vod:ListPackagingConfigurations
AWS Elemental MediaTailor mediatailor:ListPlaybackConfigurations
Amazon VPC NAT Gateways ec2:DescribeNatGateways
Amazon Neptune rds:DescribeDBClusters
AWS OpsWorks opsworks:DescribeStacks
Amazon Polly
Amazon QLDB qldb:ListLedgers
Amazon RDS rds:DescribeDBInstances
Amazon RDS (built-in) rds:DescribeDBInstances, rds:DescribeEvents, rds:ListTagsForResource
Amazon Redshift redshift:DescribeClusters
Amazon Rekognition
AWS RoboMaker robomaker:ListSimulationJobs
Amazon Route 53 route53:ListHostedZones
Amazon Route 53 Resolver route53resolver:ListResolverEndpoints
Amazon S3 s3:ListAllMyBuckets
Amazon S3 (built-in) s3:ListAllMyBuckets
Amazon SageMaker Batch Transform Jobs
Amazon SageMaker Endpoint Instances sagemaker:ListEndpoints
Amazon SageMaker Endpoints sagemaker:ListEndpoints
Amazon SageMaker Ground Truth
Amazon SageMaker Processing Jobs
Amazon SageMaker Training Jobs
AWS Service Catalog
Amazon Simple Email Service (SES)
Amazon Simple Notification Service (SNS) sns:ListTopics
Amazon Simple Queue Service (SQS) sqs:ListQueues
AWS Systems Manager - Run Command
AWS Step Functions
AWS Storage Gateway storagegateway:ListGateways
Amazon SWF swf:ListDomains
Amazon Textract
AWS IoT Things Graph
AWS Transfer Family transfer:ListServers
AWS Transit Gateway ec2:DescribeTransitGateways
Amazon Translate
AWS Trusted Advisor
AWS API Usage
AWS Site-to-Site VPN ec2:DescribeVpnConnections
AWS WAF Classic
AWS WAF
Amazon WorkMail workmail:ListOrganizations
Amazon WorkSpaces workspaces:DescribeWorkspaces

Example of JSON policy for one single service.

JSON policy for Amazon API Gateway

{



"Version": "2012-10-17",



"Statement": [



{



"Sid": "VisualEditor0",



"Effect": "Allow",



"Action": [



"apigateway:GET",



"cloudwatch:GetMetricData",



"cloudwatch:GetMetricStatistics",



"cloudwatch:ListMetrics",



"sts:GetCallerIdentity",



"tag:GetResources",



"tag:GetTagKeys",



"ec2:DescribeAvailabilityZones"



],



"Resource": "*"



}



]



}

In this example, from the complete list of permissions you need to select

  • "apigateway:GET" for Amazon API Gateway
  • "cloudwatch:GetMetricData", "cloudwatch:GetMetricStatistics", "cloudwatch:ListMetrics", "sts:GetCallerIdentity", "tag:GetResources", "tag:GetTagKeys", and "ec2:DescribeAvailabilityZones" for All AWS cloud services.

Enable monitoring

To learn how to enable service monitoring, see Enable service monitoring.

View service metrics

You can view the service metrics in your Dynatrace environment either on the custom device overview page or on your Dashboards page.

View metrics on the custom device overview page

To access the custom device overview page

  1. Go to Technologies Technologies & Processes Classic.
  2. Filter by service name and select the relevant custom device group.
  3. Once you select the custom device group, you're on the custom device group overview page.
  4. The custom device group overview page lists all instances (custom devices) belonging to the group. Select an instance to view the custom device overview page.

View metrics on your dashboard

After you add the service to monitoring, a preset dashboard containing all recommended metrics is automatically listed on your Dashboards page. To look for specific dashboards, filter by Preset and then by Name.

AWS presets

For existing monitored services, you might need to resave your credentials for the preset dashboard to appear on the Dashboards page. To resave your credentials, go to Settings > Cloud and virtualization > AWS, select the desired AWS instance, and then select Save.

You can't make changes on a preset dashboard directly, but you can clone and edit it. To clone a dashboard, open the browse menu (…) and select Clone.

To remove a dashboard from the dashboards page, you can hide it. To hide a dashboard, open the browse menu (…) and select Hide.

Hiding a dashboard doesn't affect other users.

Clone hide AWS

To check the availability of preset dashboards for each AWS service, see the list below.

Preset dashboard availability list

AWS service Preset dashboard
Amazon EC2 Auto Scaling (built-in) Not applicable
AWS Lambda (built-in) Not applicable
Amazon Application and Network Load Balancer (built-in) Not applicable
Amazon DynamoDB (built-in) Not applicable
Amazon EBS (built-in) Not applicable
Amazon EC2 (built-in) Not applicable
Amazon Elastic Load Balancer (ELB) (built-in) Not applicable
Amazon RDS (built-in) Not applicable
Amazon S3 (built-in) Not applicable
AWS Certificate Manager Private Certificate Authority Not applicable
All monitored Amazon services Not applicable
Amazon API Gateway Not applicable
AWS App Runner Not applicable
Amazon AppStream Applicable
AWS AppSync Applicable
Amazon Athena Applicable
Amazon Aurora Not applicable
Amazon EC2 Auto Scaling Applicable
AWS Billing Applicable
Amazon Keyspaces Applicable
AWS Chatbot Applicable
Amazon CloudFront Not applicable
AWS CloudHSM Applicable
Amazon CloudSearch Applicable
AWS CodeBuild Applicable
Amazon Cognito Not applicable
Amazon Connect Applicable
AWS DataSync Applicable
Amazon DynamoDB Accelerator (DAX) Applicable
AWS Database Migration Service (AWS DMS) Applicable
Amazon DocumentDB Applicable
AWS Direct Connect Applicable
Amazon DynamoDB Not applicable
Amazon EBS Not applicable
Amazon EC2 Spot Fleet Not applicable
Amazon EC2 API Applicable
Amazon Elastic Container Service (ECS) Not applicable
Amazon ECS Container Insights Applicable
Amazon Elastic File System (EFS) Not applicable
Amazon Elastic Kubernetes Service (EKS) Applicable
Amazon ElastiCache (EC) Not applicable
AWS Elastic Beanstalk Applicable
Amazon Elastic Inference Applicable
Amazon Elastic Transcoder Applicable
Amazon Elastic Map Reduce (EMR) Not applicable
Amazon Elasticsearch Service (ES) Not applicable
Amazon EventBridge Applicable
Amazon FSx Applicable
Amazon GameLift Applicable
AWS Glue Not applicable
Amazon Inspector Applicable
AWS Internet of Things (IoT) Not applicable
AWS IoT Things Graph Applicable
AWS IoT Analytics Applicable
Amazon Managed Streaming for Kafka Applicable
Amazon Kinesis Data Analytics Not applicable
Amazon Data Firehose Not applicable
Amazon Kinesis Data Streams Not applicable
Amazon Kinesis Video Streams Not applicable
AWS Lambda Not applicable
Amazon Lex Applicable
Amazon CloudWatch Logs Applicable
AWS Elemental MediaTailor Applicable
AWS Elemental MediaConnect Applicable
AWS Elemental MediaConvert Applicable
AWS Elemental MediaPackage Live Applicable
AWS Elemental MediaPackage Video on Demand Applicable
Amazon MQ Applicable
Amazon VPC NAT Gateways Not applicable
Amazon Neptune Applicable
AWS OpsWorks Applicable
Amazon Polly Applicable
Amazon QLDB Applicable
Amazon RDS Not applicable
Amazon Redshift Not applicable
Amazon Rekognition Applicable
AWS RoboMaker Applicable
Amazon Route 53 Applicable
Amazon Route 53 Resolver Applicable
Amazon S3 Not applicable
Amazon SageMaker Batch Transform Jobs Not applicable
Amazon SageMaker Endpoints Not applicable
Amazon SageMaker Endpoint Instances Not applicable
Amazon SageMaker Ground Truth Not applicable
Amazon SageMaker Processing Jobs Not applicable
Amazon SageMaker Training Jobs Not applicable
AWS Service Catalog Applicable
Amazon Simple Email Service (SES) Not applicable
Amazon Simple Notification Service (SNS) Not applicable
Amazon Simple Queue Service (SQS) Not applicable
AWS Systems Manager - Run Command Applicable
AWS Step Functions Applicable
AWS Storage Gateway Applicable
Amazon SWF Applicable
Amazon Textract Applicable
AWS Transfer Family Applicable
AWS Transit Gateway Applicable
Amazon Translate Applicable
AWS Trusted Advisor Applicable
AWS API Usage Applicable
AWS Site-to-Site VPN Applicable
AWS WAF Classic Applicable
AWS WAF Applicable
Amazon WorkMail Applicable
Amazon WorkSpaces Applicable

Waf clas

Available metrics

WebACL is the main dimension.

Name Description Unit Statistics Dimensions Recommended
AllowedRequests The number of allowed web requests Count Sum WebACL, Region, Rule Applicable
AllowedRequests Count Sum WebACL, Region, RuleGroup Applicable
AllowedRequests Count Sum Region, Rule, RuleGroup Applicable
AllowedRequests Count Sum WebACL, Rule Applicable
AllowedRequests Count Sum WebACL, RuleGroup Applicable
BlockedRequests The number of blocked web requests Count Sum WebACL, Region, Rule Applicable
BlockedRequests Count Sum WebACL, Region, RuleGroup Applicable
BlockedRequests Count Sum Region, Rule, RuleGroup Applicable
BlockedRequests Count Sum WebACL, Rule Applicable
BlockedRequests Count Sum WebACL, RuleGroup Applicable
CountedRequests The number of counted web requests Count Sum WebACL, Region, Rule Applicable
CountedRequests Count Sum WebACL, Region, RuleGroup Applicable
CountedRequests Count Sum Region, Rule, RuleGroup Applicable
CountedRequests Count Sum WebACL, Rule Applicable
CountedRequests Count Sum WebACL, RuleGroup Applicable
PassedRequests The number of passed requests for a rule group Count Sum WebACL, Region, Rule Applicable
PassedRequests Count Sum WebACL, Region, RuleGroup Applicable
PassedRequests Count Sum Region, Rule, RuleGroup Applicable
PassedRequests Count Sum WebACL, Rule Applicable
PassedRequests Count Sum WebACL, RuleGroup Applicable

Limitations

Dynatrace entities of this AWS service are not enriched with the ARN property.


Source: aws-service-workmail.md


title: Amazon WorkMail monitoring source: https://www.dynatrace.com/docs/ingest-from/amazon-web-services/integrate-with-aws/aws-all-services/aws-service-workmail scraped: 2026-02-17T05:09:47.232659


Amazon WorkMail monitoring

Amazon WorkMail monitoring

  • How-to guide
  • 1-min read
  • Published Jul 06, 2020

Dynatrace ingests metrics for multiple preselected namespaces, including Amazon WorkMail. You can view metrics for each service instance, split metrics into multiple dimensions, and create custom charts that you can pin to your dashboards.

Prerequisites

To enable monitoring for this service, you need

  • ActiveGate version 1.197+

  • For Dynatrace SaaS deployments, you need an Environment ActiveGate or a Multi-environment ActiveGate.

For role-based access in SaaS deployment, you need an Environment ActiveGate installed on an Amazon EC2 host.

To update the AWS IAM policy, use the JSON below, containing the monitoring policy (permissions) for all supporting services.

JSON predefined policy for all supporting services

{



"Version": "2012-10-17",



"Statement": [



{



"Sid": "VisualEditor0",



"Effect": "Allow",



"Action": [



"acm-pca:ListCertificateAuthorities",



"apigateway:GET",



"apprunner:ListServices",



"appstream:DescribeFleets",



"appsync:ListGraphqlApis",



"athena:ListWorkGroups",



"autoscaling:DescribeAutoScalingGroups",



"cloudformation:ListStackResources",



"cloudfront:ListDistributions",



"cloudhsm:DescribeClusters",



"cloudsearch:DescribeDomains",



"cloudwatch:GetMetricData",



"cloudwatch:GetMetricStatistics",



"cloudwatch:ListMetrics",



"codebuild:ListProjects",



"datasync:ListTasks",



"dax:DescribeClusters",



"directconnect:DescribeConnections",



"dms:DescribeReplicationInstances",



"dynamodb:ListTables",



"dynamodb:ListTagsOfResource",



"ec2:DescribeAvailabilityZones",



"ec2:DescribeInstances",



"ec2:DescribeNatGateways",



"ec2:DescribeSpotFleetRequests",



"ec2:DescribeTransitGateways",



"ec2:DescribeVolumes",



"ec2:DescribeVpnConnections",



"ecs:ListClusters",



"eks:ListClusters",



"elasticache:DescribeCacheClusters",



"elasticbeanstalk:DescribeEnvironmentResources",



"elasticbeanstalk:DescribeEnvironments",



"elasticfilesystem:DescribeFileSystems",



"elasticloadbalancing:DescribeInstanceHealth",



"elasticloadbalancing:DescribeListeners",



"elasticloadbalancing:DescribeLoadBalancers",



"elasticloadbalancing:DescribeRules",



"elasticloadbalancing:DescribeTags",



"elasticloadbalancing:DescribeTargetHealth",



"elasticmapreduce:ListClusters",



"elastictranscoder:ListPipelines",



"es:ListDomainNames",



"events:ListEventBuses",



"firehose:ListDeliveryStreams",



"fsx:DescribeFileSystems",



"gamelift:ListFleets",



"glue:GetJobs",



"inspector:ListAssessmentTemplates",



"kafka:ListClusters",



"kinesis:ListStreams",



"kinesisanalytics:ListApplications",



"kinesisvideo:ListStreams",



"lambda:ListFunctions",



"lambda:ListTags",



"lex:GetBots",



"logs:DescribeLogGroups",



"mediaconnect:ListFlows",



"mediaconvert:DescribeEndpoints",



"mediapackage-vod:ListPackagingConfigurations",



"mediapackage:ListChannels",



"mediatailor:ListPlaybackConfigurations",



"opsworks:DescribeStacks",



"qldb:ListLedgers",



"rds:DescribeDBClusters",



"rds:DescribeDBInstances",



"rds:DescribeEvents",



"rds:ListTagsForResource",



"redshift:DescribeClusters",



"robomaker:ListSimulationJobs",



"route53:ListHostedZones",



"route53resolver:ListResolverEndpoints",



"s3:ListAllMyBuckets",



"sagemaker:ListEndpoints",



"sns:ListTopics",



"sqs:ListQueues",



"storagegateway:ListGateways",



"sts:GetCallerIdentity",



"swf:ListDomains",



"tag:GetResources",



"tag:GetTagKeys",



"transfer:ListServers",



"workmail:ListOrganizations",



"workspaces:DescribeWorkspaces"



],



"Resource": "*"



}



]



}

If you don't want to add permissions to all services, and just select permissions for certain services, consult the table below. The table contains a set of permissions that are required for All AWS cloud services and, for each supporting service, a list of optional permissions specific to that service.

Permissions required for AWS monitoring integration:

  • "cloudwatch:GetMetricData"
  • "cloudwatch:GetMetricStatistics"
  • "cloudwatch:ListMetrics"
  • "sts:GetCallerIdentity"
  • "tag:GetResources"
  • "tag:GetTagKeys"
  • "ec2:DescribeAvailabilityZones"

Complete list of permissions for cloud services

Name Permissions
All monitored Amazon services Required cloudwatch:GetMetricData, cloudwatch:GetMetricStatistics, cloudwatch:ListMetrics, sts:GetCallerIdentity, tag:GetResources, tag:GetTagKeys, ec2:DescribeAvailabilityZones
AWS Certificate Manager Private Certificate Authority acm-pca:ListCertificateAuthorities
Amazon MQ
Amazon API Gateway apigateway:GET
AWS App Runner apprunner:ListServices
Amazon AppStream appstream:DescribeFleets
AWS AppSync appsync:ListGraphqlApis
Amazon Athena athena:ListWorkGroups
Amazon Aurora rds:DescribeDBClusters
Amazon EC2 Auto Scaling autoscaling:DescribeAutoScalingGroups
Amazon EC2 Auto Scaling (built-in) autoscaling:DescribeAutoScalingGroups
AWS Billing
Amazon Keyspaces
AWS Chatbot
Amazon CloudFront cloudfront:ListDistributions
AWS CloudHSM cloudhsm:DescribeClusters
Amazon CloudSearch cloudsearch:DescribeDomains
AWS CodeBuild codebuild:ListProjects
Amazon Cognito
Amazon Connect
Amazon Elastic Kubernetes Service (EKS) eks:ListClusters
AWS DataSync datasync:ListTasks
Amazon DynamoDB Accelerator (DAX) dax:DescribeClusters
AWS Database Migration Service (AWS DMS) dms:DescribeReplicationInstances
Amazon DocumentDB rds:DescribeDBClusters
AWS Direct Connect directconnect:DescribeConnections
Amazon DynamoDB dynamodb:ListTables
Amazon DynamoDB (built-in) dynamodb:ListTables, dynamodb:ListTagsOfResource
Amazon EBS ec2:DescribeVolumes
Amazon EBS (built-in) ec2:DescribeVolumes
Amazon EC2 API
Amazon EC2 (built-in) ec2:DescribeInstances
Amazon EC2 Spot Fleet ec2:DescribeSpotFleetRequests
Amazon Elastic Container Service (ECS) ecs:ListClusters
Amazon ECS Container Insights ecs:ListClusters
Amazon ElastiCache (EC) elasticache:DescribeCacheClusters
AWS Elastic Beanstalk elasticbeanstalk:DescribeEnvironments
Amazon Elastic File System (EFS) elasticfilesystem:DescribeFileSystems
Amazon Elastic Inference
Amazon Elastic Map Reduce (EMR) elasticmapreduce:ListClusters
Amazon Elasticsearch Service (ES) es:ListDomainNames
Amazon Elastic Transcoder elastictranscoder:ListPipelines
Amazon Elastic Load Balancer (ELB) (built-in) elasticloadbalancing:DescribeInstanceHealth, elasticloadbalancing:DescribeListeners, elasticloadbalancing:DescribeLoadBalancers, elasticloadbalancing:DescribeRules, elasticloadbalancing:DescribeTags, elasticloadbalancing:DescribeTargetHealth
Amazon EventBridge events:ListEventBuses
Amazon FSx fsx:DescribeFileSystems
Amazon GameLift gamelift:ListFleets
AWS Glue glue:GetJobs
Amazon Inspector inspector:ListAssessmentTemplates
AWS Internet of Things (IoT)
AWS IoT Analytics
Amazon Managed Streaming for Kafka kafka:ListClusters
Amazon Kinesis Data Analytics kinesisanalytics:ListApplications
Amazon Data Firehose firehose:ListDeliveryStreams
Amazon Kinesis Data Streams kinesis:ListStreams
Amazon Kinesis Video Streams kinesisvideo:ListStreams
AWS Lambda lambda:ListFunctions
AWS Lambda (built-in) lambda:ListFunctions, lambda:ListTags
Amazon Lex lex:GetBots
Amazon Application and Network Load Balancer (built-in) elasticloadbalancing:DescribeInstanceHealth, elasticloadbalancing:DescribeListeners, elasticloadbalancing:DescribeLoadBalancers, elasticloadbalancing:DescribeRules, elasticloadbalancing:DescribeTags, elasticloadbalancing:DescribeTargetHealth
Amazon CloudWatch Logs logs:DescribeLogGroups
AWS Elemental MediaConnect mediaconnect:ListFlows
AWS Elemental MediaConvert mediaconvert:DescribeEndpoints
AWS Elemental MediaPackage Live mediapackage:ListChannels
AWS Elemental MediaPackage Video on Demand mediapackage-vod:ListPackagingConfigurations
AWS Elemental MediaTailor mediatailor:ListPlaybackConfigurations
Amazon VPC NAT Gateways ec2:DescribeNatGateways
Amazon Neptune rds:DescribeDBClusters
AWS OpsWorks opsworks:DescribeStacks
Amazon Polly
Amazon QLDB qldb:ListLedgers
Amazon RDS rds:DescribeDBInstances
Amazon RDS (built-in) rds:DescribeDBInstances, rds:DescribeEvents, rds:ListTagsForResource
Amazon Redshift redshift:DescribeClusters
Amazon Rekognition
AWS RoboMaker robomaker:ListSimulationJobs
Amazon Route 53 route53:ListHostedZones
Amazon Route 53 Resolver route53resolver:ListResolverEndpoints
Amazon S3 s3:ListAllMyBuckets
Amazon S3 (built-in) s3:ListAllMyBuckets
Amazon SageMaker Batch Transform Jobs
Amazon SageMaker Endpoint Instances sagemaker:ListEndpoints
Amazon SageMaker Endpoints sagemaker:ListEndpoints
Amazon SageMaker Ground Truth
Amazon SageMaker Processing Jobs
Amazon SageMaker Training Jobs
AWS Service Catalog
Amazon Simple Email Service (SES)
Amazon Simple Notification Service (SNS) sns:ListTopics
Amazon Simple Queue Service (SQS) sqs:ListQueues
AWS Systems Manager - Run Command
AWS Step Functions
AWS Storage Gateway storagegateway:ListGateways
Amazon SWF swf:ListDomains
Amazon Textract
AWS IoT Things Graph
AWS Transfer Family transfer:ListServers
AWS Transit Gateway ec2:DescribeTransitGateways
Amazon Translate
AWS Trusted Advisor
AWS API Usage
AWS Site-to-Site VPN ec2:DescribeVpnConnections
AWS WAF Classic
AWS WAF
Amazon WorkMail workmail:ListOrganizations
Amazon WorkSpaces workspaces:DescribeWorkspaces

Example of JSON policy for one single service.

JSON policy for Amazon API Gateway

{



"Version": "2012-10-17",



"Statement": [



{



"Sid": "VisualEditor0",



"Effect": "Allow",



"Action": [



"apigateway:GET",



"cloudwatch:GetMetricData",



"cloudwatch:GetMetricStatistics",



"cloudwatch:ListMetrics",



"sts:GetCallerIdentity",



"tag:GetResources",



"tag:GetTagKeys",



"ec2:DescribeAvailabilityZones"



],



"Resource": "*"



}



]



}

In this example, from the complete list of permissions you need to select

  • "apigateway:GET" for Amazon API Gateway
  • "cloudwatch:GetMetricData", "cloudwatch:GetMetricStatistics", "cloudwatch:ListMetrics", "sts:GetCallerIdentity", "tag:GetResources", "tag:GetTagKeys", and "ec2:DescribeAvailabilityZones" for All AWS cloud services.

AWS endpoints that need to be reachable from ActiveGate with corresponding AWS services

Endpoint Service
autoscaling.<REGION>.amazonaws.com Amazon EC2 Auto Scaling (built-in), Amazon EC2 Auto Scaling
lambda.<REGION>.amazonaws.com AWS Lambda (built-in), AWS Lambda
elasticloadbalancing.<REGION>.amazonaws.com Amazon Application and Network Load Balancer (built-in), Amazon Elastic Load Balancer (ELB) (built-in)
dynamodb.<REGION>.amazonaws.com Amazon DynamoDB (built-in), Amazon DynamoDB
ec2.<REGION>.amazonaws.com Amazon EBS (built-in), Amazon EC2 (built-in), Amazon EBS, Amazon EC2 Spot Fleet, Amazon VPC NAT Gateways, AWS Transit Gateway, AWS Site-to-Site VPN
rds.<REGION>.amazonaws.com Amazon RDS (built-in), Amazon Aurora, Amazon DocumentDB, Amazon Neptune, Amazon RDS
s3.<REGION>.amazonaws.com Amazon S3 (built-in)
acm-pca.<REGION>.amazonaws.com AWS Certificate Manager Private Certificate Authority
apigateway.<REGION>.amazonaws.com Amazon API Gateway
apprunner.<REGION>.amazonaws.com AWS App Runner
appstream2.<REGION>.amazonaws.com Amazon AppStream
appsync.<REGION>.amazonaws.com AWS AppSync
athena.<REGION>.amazonaws.com Amazon Athena
cloudfront.amazonaws.com Amazon CloudFront
cloudhsmv2.<REGION>.amazonaws.com AWS CloudHSM
cloudsearch.<REGION>.amazonaws.com Amazon CloudSearch
codebuild.<REGION>.amazonaws.com AWS CodeBuild
datasync.<REGION>.amazonaws.com AWS DataSync
dax.<REGION>.amazonaws.com Amazon DynamoDB Accelerator (DAX)
dms.<REGION>.amazonaws.com AWS Database Migration Service (AWS DMS)
directconnect.<REGION>.amazonaws.com AWS Direct Connect
ecs.<REGION>.amazonaws.com Amazon Elastic Container Service (ECS), Amazon ECS Container Insights
elasticfilesystem.<REGION>.amazonaws.com Amazon Elastic File System (EFS)
eks.<REGION>.amazonaws.com Amazon Elastic Kubernetes Service (EKS)
elasticache.<REGION>.amazonaws.com Amazon ElastiCache (EC)
elasticbeanstalk.<REGION>.amazonaws.com AWS Elastic Beanstalk
elastictranscoder.<REGION>.amazonaws.com Amazon Elastic Transcoder
es.<REGION>.amazonaws.com Amazon Elasticsearch Service (ES)
events.<REGION>.amazonaws.com Amazon EventBridge
fsx.<REGION>.amazonaws.com Amazon FSx
gamelift.<REGION>.amazonaws.com Amazon GameLift
glue.<REGION>.amazonaws.com AWS Glue
inspector.<REGION>.amazonaws.com Amazon Inspector
kafka.<REGION>.amazonaws.com Amazon Managed Streaming for Kafka
models.lex.<REGION>.amazonaws.com Amazon Lex
logs.<REGION>.amazonaws.com Amazon CloudWatch Logs
api.mediatailor.<REGION>.amazonaws.com AWS Elemental MediaTailor
mediaconnect.<REGION>.amazonaws.com AWS Elemental MediaConnect
mediapackage.<REGION>.amazonaws.com AWS Elemental MediaPackage Live
mediapackage-vod.<REGION>.amazonaws.com AWS Elemental MediaPackage Video on Demand
opsworks.<REGION>.amazonaws.com AWS OpsWorks
qldb.<REGION>.amazonaws.com Amazon QLDB
redshift.<REGION>.amazonaws.com Amazon Redshift
robomaker.<REGION>.amazonaws.com AWS RoboMaker
route53.amazonaws.com Amazon Route 53
route53resolver.<REGION>.amazonaws.com Amazon Route 53 Resolver
api.sagemaker.<REGION>.amazonaws.com Amazon SageMaker Endpoints, Amazon SageMaker Endpoint Instances
sns.<REGION>.amazonaws.com Amazon Simple Notification Service (SNS)
sqs.<REGION>.amazonaws.com Amazon Simple Queue Service (SQS)
storagegateway.<REGION>.amazonaws.com AWS Storage Gateway
swf.<REGION>.amazonaws.com Amazon SWF
transfer.<REGION>.amazonaws.com AWS Transfer Family
workmail.<REGION>.amazonaws.com Amazon WorkMail
workspaces.<REGION>.amazonaws.com Amazon WorkSpaces

Enable monitoring

To learn how to enable service monitoring, see Enable service monitoring.

View service metrics

You can view the service metrics in your Dynatrace environment either on the custom device overview page or on your Dashboards page.

View metrics on the custom device overview page

To access the custom device overview page

  1. Go to Technologies Technologies & Processes Classic.
  2. Filter by service name and select the relevant custom device group.
  3. Once you select the custom device group, you're on the custom device group overview page.
  4. The custom device group overview page lists all instances (custom devices) belonging to the group. Select an instance to view the custom device overview page.

View metrics on your dashboard

After you add the service to monitoring, a preset dashboard containing all recommended metrics is automatically listed on your Dashboards page. To look for specific dashboards, filter by Preset and then by Name.

AWS presets

For existing monitored services, you might need to resave your credentials for the preset dashboard to appear on the Dashboards page. To resave your credentials, go to Settings > Cloud and virtualization > AWS, select the desired AWS instance, and then select Save.

You can't make changes on a preset dashboard directly, but you can clone and edit it. To clone a dashboard, open the browse menu (…) and select Clone.

To remove a dashboard from the dashboards page, you can hide it. To hide a dashboard, open the browse menu (…) and select Hide.

Hiding a dashboard doesn't affect other users.

Clone hide AWS

To check the availability of preset dashboards for each AWS service, see the list below.

Preset dashboard availability list

AWS service Preset dashboard
Amazon EC2 Auto Scaling (built-in) Not applicable
AWS Lambda (built-in) Not applicable
Amazon Application and Network Load Balancer (built-in) Not applicable
Amazon DynamoDB (built-in) Not applicable
Amazon EBS (built-in) Not applicable
Amazon EC2 (built-in) Not applicable
Amazon Elastic Load Balancer (ELB) (built-in) Not applicable
Amazon RDS (built-in) Not applicable
Amazon S3 (built-in) Not applicable
AWS Certificate Manager Private Certificate Authority Not applicable
All monitored Amazon services Not applicable
Amazon API Gateway Not applicable
AWS App Runner Not applicable
Amazon AppStream Applicable
AWS AppSync Applicable
Amazon Athena Applicable
Amazon Aurora Not applicable
Amazon EC2 Auto Scaling Applicable
AWS Billing Applicable
Amazon Keyspaces Applicable
AWS Chatbot Applicable
Amazon CloudFront Not applicable
AWS CloudHSM Applicable
Amazon CloudSearch Applicable
AWS CodeBuild Applicable
Amazon Cognito Not applicable
Amazon Connect Applicable
AWS DataSync Applicable
Amazon DynamoDB Accelerator (DAX) Applicable
AWS Database Migration Service (AWS DMS) Applicable
Amazon DocumentDB Applicable
AWS Direct Connect Applicable
Amazon DynamoDB Not applicable
Amazon EBS Not applicable
Amazon EC2 Spot Fleet Not applicable
Amazon EC2 API Applicable
Amazon Elastic Container Service (ECS) Not applicable
Amazon ECS Container Insights Applicable
Amazon Elastic File System (EFS) Not applicable
Amazon Elastic Kubernetes Service (EKS) Applicable
Amazon ElastiCache (EC) Not applicable
AWS Elastic Beanstalk Applicable
Amazon Elastic Inference Applicable
Amazon Elastic Transcoder Applicable
Amazon Elastic Map Reduce (EMR) Not applicable
Amazon Elasticsearch Service (ES) Not applicable
Amazon EventBridge Applicable
Amazon FSx Applicable
Amazon GameLift Applicable
AWS Glue Not applicable
Amazon Inspector Applicable
AWS Internet of Things (IoT) Not applicable
AWS IoT Things Graph Applicable
AWS IoT Analytics Applicable
Amazon Managed Streaming for Kafka Applicable
Amazon Kinesis Data Analytics Not applicable
Amazon Data Firehose Not applicable
Amazon Kinesis Data Streams Not applicable
Amazon Kinesis Video Streams Not applicable
AWS Lambda Not applicable
Amazon Lex Applicable
Amazon CloudWatch Logs Applicable
AWS Elemental MediaTailor Applicable
AWS Elemental MediaConnect Applicable
AWS Elemental MediaConvert Applicable
AWS Elemental MediaPackage Live Applicable
AWS Elemental MediaPackage Video on Demand Applicable
Amazon MQ Applicable
Amazon VPC NAT Gateways Not applicable
Amazon Neptune Applicable
AWS OpsWorks Applicable
Amazon Polly Applicable
Amazon QLDB Applicable
Amazon RDS Not applicable
Amazon Redshift Not applicable
Amazon Rekognition Applicable
AWS RoboMaker Applicable
Amazon Route 53 Applicable
Amazon Route 53 Resolver Applicable
Amazon S3 Not applicable
Amazon SageMaker Batch Transform Jobs Not applicable
Amazon SageMaker Endpoints Not applicable
Amazon SageMaker Endpoint Instances Not applicable
Amazon SageMaker Ground Truth Not applicable
Amazon SageMaker Processing Jobs Not applicable
Amazon SageMaker Training Jobs Not applicable
AWS Service Catalog Applicable
Amazon Simple Email Service (SES) Not applicable
Amazon Simple Notification Service (SNS) Not applicable
Amazon Simple Queue Service (SQS) Not applicable
AWS Systems Manager - Run Command Applicable
AWS Step Functions Applicable
AWS Storage Gateway Applicable
Amazon SWF Applicable
Amazon Textract Applicable
AWS Transfer Family Applicable
AWS Transit Gateway Applicable
Amazon Translate Applicable
AWS Trusted Advisor Applicable
AWS API Usage Applicable
AWS Site-to-Site VPN Applicable
AWS WAF Classic Applicable
AWS WAF Applicable
Amazon WorkMail Applicable
Amazon WorkSpaces Applicable

Workmail

Available metrics

OrganizationId is the main dimension.

Name Description Unit Statistics Dimensions Recommended
IncomingEmailBounced The number of incoming emails that bounced due to full or nonexistent mailboxes Count Sum OrganizationId Applicable
MailboxEmailDelivered The number of emails delivered to individual mailboxes in your Amazon WorkMail organization Count Sum OrganizationId Applicable
OrganizationEmailReceived The number of emails received by your Amazon WorkMail organization Count Sum OrganizationId Applicable
OutgoingEmailBounced The number of outgoing emails that could not be delivered, counted for each intended recipient Count Sum OrganizationId Applicable
OutgoingEmailSent The number of emails successfully sent from your Amazon WorkMail organization Count Sum OrganizationId Applicable

Source: aws-service-workspaces.md


title: Amazon WorkSpaces monitoring source: https://www.dynatrace.com/docs/ingest-from/amazon-web-services/integrate-with-aws/aws-all-services/aws-service-workspaces scraped: 2026-02-17T05:05:19.219701


Amazon WorkSpaces monitoring

Amazon WorkSpaces monitoring

  • How-to guide
  • 2-min read
  • Published Jul 06, 2020

Dynatrace ingests metrics for multiple preselected namespaces, including Amazon WorkSpaces. You can view metrics for each service instance, split metrics into multiple dimensions, and create custom charts that you can pin to your dashboards.

Prerequisites

To enable monitoring for this service, you need

  • ActiveGate version 1.197+

  • For Dynatrace SaaS deployments, you need an Environment ActiveGate or a Multi-environment ActiveGate.

For role-based access in SaaS deployment, you need an Environment ActiveGate installed on an Amazon EC2 host.

To update the AWS IAM policy, use the JSON below, containing the monitoring policy (permissions) for all supporting services.

JSON predefined policy for all supporting services

{



"Version": "2012-10-17",



"Statement": [



{



"Sid": "VisualEditor0",



"Effect": "Allow",



"Action": [



"acm-pca:ListCertificateAuthorities",



"apigateway:GET",



"apprunner:ListServices",



"appstream:DescribeFleets",



"appsync:ListGraphqlApis",



"athena:ListWorkGroups",



"autoscaling:DescribeAutoScalingGroups",



"cloudformation:ListStackResources",



"cloudfront:ListDistributions",



"cloudhsm:DescribeClusters",



"cloudsearch:DescribeDomains",



"cloudwatch:GetMetricData",



"cloudwatch:GetMetricStatistics",



"cloudwatch:ListMetrics",



"codebuild:ListProjects",



"datasync:ListTasks",



"dax:DescribeClusters",



"directconnect:DescribeConnections",



"dms:DescribeReplicationInstances",



"dynamodb:ListTables",



"dynamodb:ListTagsOfResource",



"ec2:DescribeAvailabilityZones",



"ec2:DescribeInstances",



"ec2:DescribeNatGateways",



"ec2:DescribeSpotFleetRequests",



"ec2:DescribeTransitGateways",



"ec2:DescribeVolumes",



"ec2:DescribeVpnConnections",



"ecs:ListClusters",



"eks:ListClusters",



"elasticache:DescribeCacheClusters",



"elasticbeanstalk:DescribeEnvironmentResources",



"elasticbeanstalk:DescribeEnvironments",



"elasticfilesystem:DescribeFileSystems",



"elasticloadbalancing:DescribeInstanceHealth",



"elasticloadbalancing:DescribeListeners",



"elasticloadbalancing:DescribeLoadBalancers",



"elasticloadbalancing:DescribeRules",



"elasticloadbalancing:DescribeTags",



"elasticloadbalancing:DescribeTargetHealth",



"elasticmapreduce:ListClusters",



"elastictranscoder:ListPipelines",



"es:ListDomainNames",



"events:ListEventBuses",



"firehose:ListDeliveryStreams",



"fsx:DescribeFileSystems",



"gamelift:ListFleets",



"glue:GetJobs",



"inspector:ListAssessmentTemplates",



"kafka:ListClusters",



"kinesis:ListStreams",



"kinesisanalytics:ListApplications",



"kinesisvideo:ListStreams",



"lambda:ListFunctions",



"lambda:ListTags",



"lex:GetBots",



"logs:DescribeLogGroups",



"mediaconnect:ListFlows",



"mediaconvert:DescribeEndpoints",



"mediapackage-vod:ListPackagingConfigurations",



"mediapackage:ListChannels",



"mediatailor:ListPlaybackConfigurations",



"opsworks:DescribeStacks",



"qldb:ListLedgers",



"rds:DescribeDBClusters",



"rds:DescribeDBInstances",



"rds:DescribeEvents",



"rds:ListTagsForResource",



"redshift:DescribeClusters",



"robomaker:ListSimulationJobs",



"route53:ListHostedZones",



"route53resolver:ListResolverEndpoints",



"s3:ListAllMyBuckets",



"sagemaker:ListEndpoints",



"sns:ListTopics",



"sqs:ListQueues",



"storagegateway:ListGateways",



"sts:GetCallerIdentity",



"swf:ListDomains",



"tag:GetResources",



"tag:GetTagKeys",



"transfer:ListServers",



"workmail:ListOrganizations",



"workspaces:DescribeWorkspaces"



],



"Resource": "*"



}



]



}

If you don't want to add permissions to all services, and just select permissions for certain services, consult the table below. The table contains a set of permissions that are required for All AWS cloud services and, for each supporting service, a list of optional permissions specific to that service.

Permissions required for AWS monitoring integration:

  • "cloudwatch:GetMetricData"
  • "cloudwatch:GetMetricStatistics"
  • "cloudwatch:ListMetrics"
  • "sts:GetCallerIdentity"
  • "tag:GetResources"
  • "tag:GetTagKeys"
  • "ec2:DescribeAvailabilityZones"

Complete list of permissions for cloud services

Name Permissions
All monitored Amazon services Required cloudwatch:GetMetricData, cloudwatch:GetMetricStatistics, cloudwatch:ListMetrics, sts:GetCallerIdentity, tag:GetResources, tag:GetTagKeys, ec2:DescribeAvailabilityZones
AWS Certificate Manager Private Certificate Authority acm-pca:ListCertificateAuthorities
Amazon MQ
Amazon API Gateway apigateway:GET
AWS App Runner apprunner:ListServices
Amazon AppStream appstream:DescribeFleets
AWS AppSync appsync:ListGraphqlApis
Amazon Athena athena:ListWorkGroups
Amazon Aurora rds:DescribeDBClusters
Amazon EC2 Auto Scaling autoscaling:DescribeAutoScalingGroups
Amazon EC2 Auto Scaling (built-in) autoscaling:DescribeAutoScalingGroups
AWS Billing
Amazon Keyspaces
AWS Chatbot
Amazon CloudFront cloudfront:ListDistributions
AWS CloudHSM cloudhsm:DescribeClusters
Amazon CloudSearch cloudsearch:DescribeDomains
AWS CodeBuild codebuild:ListProjects
Amazon Cognito
Amazon Connect
Amazon Elastic Kubernetes Service (EKS) eks:ListClusters
AWS DataSync datasync:ListTasks
Amazon DynamoDB Accelerator (DAX) dax:DescribeClusters
AWS Database Migration Service (AWS DMS) dms:DescribeReplicationInstances
Amazon DocumentDB rds:DescribeDBClusters
AWS Direct Connect directconnect:DescribeConnections
Amazon DynamoDB dynamodb:ListTables
Amazon DynamoDB (built-in) dynamodb:ListTables, dynamodb:ListTagsOfResource
Amazon EBS ec2:DescribeVolumes
Amazon EBS (built-in) ec2:DescribeVolumes
Amazon EC2 API
Amazon EC2 (built-in) ec2:DescribeInstances
Amazon EC2 Spot Fleet ec2:DescribeSpotFleetRequests
Amazon Elastic Container Service (ECS) ecs:ListClusters
Amazon ECS Container Insights ecs:ListClusters
Amazon ElastiCache (EC) elasticache:DescribeCacheClusters
AWS Elastic Beanstalk elasticbeanstalk:DescribeEnvironments
Amazon Elastic File System (EFS) elasticfilesystem:DescribeFileSystems
Amazon Elastic Inference
Amazon Elastic Map Reduce (EMR) elasticmapreduce:ListClusters
Amazon Elasticsearch Service (ES) es:ListDomainNames
Amazon Elastic Transcoder elastictranscoder:ListPipelines
Amazon Elastic Load Balancer (ELB) (built-in) elasticloadbalancing:DescribeInstanceHealth, elasticloadbalancing:DescribeListeners, elasticloadbalancing:DescribeLoadBalancers, elasticloadbalancing:DescribeRules, elasticloadbalancing:DescribeTags, elasticloadbalancing:DescribeTargetHealth
Amazon EventBridge events:ListEventBuses
Amazon FSx fsx:DescribeFileSystems
Amazon GameLift gamelift:ListFleets
AWS Glue glue:GetJobs
Amazon Inspector inspector:ListAssessmentTemplates
AWS Internet of Things (IoT)
AWS IoT Analytics
Amazon Managed Streaming for Kafka kafka:ListClusters
Amazon Kinesis Data Analytics kinesisanalytics:ListApplications
Amazon Data Firehose firehose:ListDeliveryStreams
Amazon Kinesis Data Streams kinesis:ListStreams
Amazon Kinesis Video Streams kinesisvideo:ListStreams
AWS Lambda lambda:ListFunctions
AWS Lambda (built-in) lambda:ListFunctions, lambda:ListTags
Amazon Lex lex:GetBots
Amazon Application and Network Load Balancer (built-in) elasticloadbalancing:DescribeInstanceHealth, elasticloadbalancing:DescribeListeners, elasticloadbalancing:DescribeLoadBalancers, elasticloadbalancing:DescribeRules, elasticloadbalancing:DescribeTags, elasticloadbalancing:DescribeTargetHealth
Amazon CloudWatch Logs logs:DescribeLogGroups
AWS Elemental MediaConnect mediaconnect:ListFlows
AWS Elemental MediaConvert mediaconvert:DescribeEndpoints
AWS Elemental MediaPackage Live mediapackage:ListChannels
AWS Elemental MediaPackage Video on Demand mediapackage-vod:ListPackagingConfigurations
AWS Elemental MediaTailor mediatailor:ListPlaybackConfigurations
Amazon VPC NAT Gateways ec2:DescribeNatGateways
Amazon Neptune rds:DescribeDBClusters
AWS OpsWorks opsworks:DescribeStacks
Amazon Polly
Amazon QLDB qldb:ListLedgers
Amazon RDS rds:DescribeDBInstances
Amazon RDS (built-in) rds:DescribeDBInstances, rds:DescribeEvents, rds:ListTagsForResource
Amazon Redshift redshift:DescribeClusters
Amazon Rekognition
AWS RoboMaker robomaker:ListSimulationJobs
Amazon Route 53 route53:ListHostedZones
Amazon Route 53 Resolver route53resolver:ListResolverEndpoints
Amazon S3 s3:ListAllMyBuckets
Amazon S3 (built-in) s3:ListAllMyBuckets
Amazon SageMaker Batch Transform Jobs
Amazon SageMaker Endpoint Instances sagemaker:ListEndpoints
Amazon SageMaker Endpoints sagemaker:ListEndpoints
Amazon SageMaker Ground Truth
Amazon SageMaker Processing Jobs
Amazon SageMaker Training Jobs
AWS Service Catalog
Amazon Simple Email Service (SES)
Amazon Simple Notification Service (SNS) sns:ListTopics
Amazon Simple Queue Service (SQS) sqs:ListQueues
AWS Systems Manager - Run Command
AWS Step Functions
AWS Storage Gateway storagegateway:ListGateways
Amazon SWF swf:ListDomains
Amazon Textract
AWS IoT Things Graph
AWS Transfer Family transfer:ListServers
AWS Transit Gateway ec2:DescribeTransitGateways
Amazon Translate
AWS Trusted Advisor
AWS API Usage
AWS Site-to-Site VPN ec2:DescribeVpnConnections
AWS WAF Classic
AWS WAF
Amazon WorkMail workmail:ListOrganizations
Amazon WorkSpaces workspaces:DescribeWorkspaces

Example of JSON policy for one single service.

JSON policy for Amazon API Gateway

{



"Version": "2012-10-17",



"Statement": [



{



"Sid": "VisualEditor0",



"Effect": "Allow",



"Action": [



"apigateway:GET",



"cloudwatch:GetMetricData",



"cloudwatch:GetMetricStatistics",



"cloudwatch:ListMetrics",



"sts:GetCallerIdentity",



"tag:GetResources",



"tag:GetTagKeys",



"ec2:DescribeAvailabilityZones"



],



"Resource": "*"



}



]



}

In this example, from the complete list of permissions you need to select

  • "apigateway:GET" for Amazon API Gateway
  • "cloudwatch:GetMetricData", "cloudwatch:GetMetricStatistics", "cloudwatch:ListMetrics", "sts:GetCallerIdentity", "tag:GetResources", "tag:GetTagKeys", and "ec2:DescribeAvailabilityZones" for All AWS cloud services.

AWS endpoints that need to be reachable from ActiveGate with corresponding AWS services

Endpoint Service
autoscaling.<REGION>.amazonaws.com Amazon EC2 Auto Scaling (built-in), Amazon EC2 Auto Scaling
lambda.<REGION>.amazonaws.com AWS Lambda (built-in), AWS Lambda
elasticloadbalancing.<REGION>.amazonaws.com Amazon Application and Network Load Balancer (built-in), Amazon Elastic Load Balancer (ELB) (built-in)
dynamodb.<REGION>.amazonaws.com Amazon DynamoDB (built-in), Amazon DynamoDB
ec2.<REGION>.amazonaws.com Amazon EBS (built-in), Amazon EC2 (built-in), Amazon EBS, Amazon EC2 Spot Fleet, Amazon VPC NAT Gateways, AWS Transit Gateway, AWS Site-to-Site VPN
rds.<REGION>.amazonaws.com Amazon RDS (built-in), Amazon Aurora, Amazon DocumentDB, Amazon Neptune, Amazon RDS
s3.<REGION>.amazonaws.com Amazon S3 (built-in)
acm-pca.<REGION>.amazonaws.com AWS Certificate Manager Private Certificate Authority
apigateway.<REGION>.amazonaws.com Amazon API Gateway
apprunner.<REGION>.amazonaws.com AWS App Runner
appstream2.<REGION>.amazonaws.com Amazon AppStream
appsync.<REGION>.amazonaws.com AWS AppSync
athena.<REGION>.amazonaws.com Amazon Athena
cloudfront.amazonaws.com Amazon CloudFront
cloudhsmv2.<REGION>.amazonaws.com AWS CloudHSM
cloudsearch.<REGION>.amazonaws.com Amazon CloudSearch
codebuild.<REGION>.amazonaws.com AWS CodeBuild
datasync.<REGION>.amazonaws.com AWS DataSync
dax.<REGION>.amazonaws.com Amazon DynamoDB Accelerator (DAX)
dms.<REGION>.amazonaws.com AWS Database Migration Service (AWS DMS)
directconnect.<REGION>.amazonaws.com AWS Direct Connect
ecs.<REGION>.amazonaws.com Amazon Elastic Container Service (ECS), Amazon ECS Container Insights
elasticfilesystem.<REGION>.amazonaws.com Amazon Elastic File System (EFS)
eks.<REGION>.amazonaws.com Amazon Elastic Kubernetes Service (EKS)
elasticache.<REGION>.amazonaws.com Amazon ElastiCache (EC)
elasticbeanstalk.<REGION>.amazonaws.com AWS Elastic Beanstalk
elastictranscoder.<REGION>.amazonaws.com Amazon Elastic Transcoder
es.<REGION>.amazonaws.com Amazon Elasticsearch Service (ES)
events.<REGION>.amazonaws.com Amazon EventBridge
fsx.<REGION>.amazonaws.com Amazon FSx
gamelift.<REGION>.amazonaws.com Amazon GameLift
glue.<REGION>.amazonaws.com AWS Glue
inspector.<REGION>.amazonaws.com Amazon Inspector
kafka.<REGION>.amazonaws.com Amazon Managed Streaming for Kafka
models.lex.<REGION>.amazonaws.com Amazon Lex
logs.<REGION>.amazonaws.com Amazon CloudWatch Logs
api.mediatailor.<REGION>.amazonaws.com AWS Elemental MediaTailor
mediaconnect.<REGION>.amazonaws.com AWS Elemental MediaConnect
mediapackage.<REGION>.amazonaws.com AWS Elemental MediaPackage Live
mediapackage-vod.<REGION>.amazonaws.com AWS Elemental MediaPackage Video on Demand
opsworks.<REGION>.amazonaws.com AWS OpsWorks
qldb.<REGION>.amazonaws.com Amazon QLDB
redshift.<REGION>.amazonaws.com Amazon Redshift
robomaker.<REGION>.amazonaws.com AWS RoboMaker
route53.amazonaws.com Amazon Route 53
route53resolver.<REGION>.amazonaws.com Amazon Route 53 Resolver
api.sagemaker.<REGION>.amazonaws.com Amazon SageMaker Endpoints, Amazon SageMaker Endpoint Instances
sns.<REGION>.amazonaws.com Amazon Simple Notification Service (SNS)
sqs.<REGION>.amazonaws.com Amazon Simple Queue Service (SQS)
storagegateway.<REGION>.amazonaws.com AWS Storage Gateway
swf.<REGION>.amazonaws.com Amazon SWF
transfer.<REGION>.amazonaws.com AWS Transfer Family
workmail.<REGION>.amazonaws.com Amazon WorkMail
workspaces.<REGION>.amazonaws.com Amazon WorkSpaces

Enable monitoring

To learn how to enable service monitoring, see Enable service monitoring.

View service metrics

You can view the service metrics in your Dynatrace environment either on the custom device overview page or on your Dashboards page.

View metrics on the custom device overview page

To access the custom device overview page

  1. Go to Technologies Technologies & Processes Classic.
  2. Filter by service name and select the relevant custom device group.
  3. Once you select the custom device group, you're on the custom device group overview page.
  4. The custom device group overview page lists all instances (custom devices) belonging to the group. Select an instance to view the custom device overview page.

View metrics on your dashboard

After you add the service to monitoring, a preset dashboard containing all recommended metrics is automatically listed on your Dashboards page. To look for specific dashboards, filter by Preset and then by Name.

AWS presets

For existing monitored services, you might need to resave your credentials for the preset dashboard to appear on the Dashboards page. To resave your credentials, go to Settings > Cloud and virtualization > AWS, select the desired AWS instance, and then select Save.

You can't make changes on a preset dashboard directly, but you can clone and edit it. To clone a dashboard, open the browse menu (…) and select Clone.

To remove a dashboard from the dashboards page, you can hide it. To hide a dashboard, open the browse menu (…) and select Hide.

Hiding a dashboard doesn't affect other users.

Clone hide AWS

To check the availability of preset dashboards for each AWS service, see the list below.

Preset dashboard availability list

AWS service Preset dashboard
Amazon EC2 Auto Scaling (built-in) Not applicable
AWS Lambda (built-in) Not applicable
Amazon Application and Network Load Balancer (built-in) Not applicable
Amazon DynamoDB (built-in) Not applicable
Amazon EBS (built-in) Not applicable
Amazon EC2 (built-in) Not applicable
Amazon Elastic Load Balancer (ELB) (built-in) Not applicable
Amazon RDS (built-in) Not applicable
Amazon S3 (built-in) Not applicable
AWS Certificate Manager Private Certificate Authority Not applicable
All monitored Amazon services Not applicable
Amazon API Gateway Not applicable
AWS App Runner Not applicable
Amazon AppStream Applicable
AWS AppSync Applicable
Amazon Athena Applicable
Amazon Aurora Not applicable
Amazon EC2 Auto Scaling Applicable
AWS Billing Applicable
Amazon Keyspaces Applicable
AWS Chatbot Applicable
Amazon CloudFront Not applicable
AWS CloudHSM Applicable
Amazon CloudSearch Applicable
AWS CodeBuild Applicable
Amazon Cognito Not applicable
Amazon Connect Applicable
AWS DataSync Applicable
Amazon DynamoDB Accelerator (DAX) Applicable
AWS Database Migration Service (AWS DMS) Applicable
Amazon DocumentDB Applicable
AWS Direct Connect Applicable
Amazon DynamoDB Not applicable
Amazon EBS Not applicable
Amazon EC2 Spot Fleet Not applicable
Amazon EC2 API Applicable
Amazon Elastic Container Service (ECS) Not applicable
Amazon ECS Container Insights Applicable
Amazon Elastic File System (EFS) Not applicable
Amazon Elastic Kubernetes Service (EKS) Applicable
Amazon ElastiCache (EC) Not applicable
AWS Elastic Beanstalk Applicable
Amazon Elastic Inference Applicable
Amazon Elastic Transcoder Applicable
Amazon Elastic Map Reduce (EMR) Not applicable
Amazon Elasticsearch Service (ES) Not applicable
Amazon EventBridge Applicable
Amazon FSx Applicable
Amazon GameLift Applicable
AWS Glue Not applicable
Amazon Inspector Applicable
AWS Internet of Things (IoT) Not applicable
AWS IoT Things Graph Applicable
AWS IoT Analytics Applicable
Amazon Managed Streaming for Kafka Applicable
Amazon Kinesis Data Analytics Not applicable
Amazon Data Firehose Not applicable
Amazon Kinesis Data Streams Not applicable
Amazon Kinesis Video Streams Not applicable
AWS Lambda Not applicable
Amazon Lex Applicable
Amazon CloudWatch Logs Applicable
AWS Elemental MediaTailor Applicable
AWS Elemental MediaConnect Applicable
AWS Elemental MediaConvert Applicable
AWS Elemental MediaPackage Live Applicable
AWS Elemental MediaPackage Video on Demand Applicable
Amazon MQ Applicable
Amazon VPC NAT Gateways Not applicable
Amazon Neptune Applicable
AWS OpsWorks Applicable
Amazon Polly Applicable
Amazon QLDB Applicable
Amazon RDS Not applicable
Amazon Redshift Not applicable
Amazon Rekognition Applicable
AWS RoboMaker Applicable
Amazon Route 53 Applicable
Amazon Route 53 Resolver Applicable
Amazon S3 Not applicable
Amazon SageMaker Batch Transform Jobs Not applicable
Amazon SageMaker Endpoints Not applicable
Amazon SageMaker Endpoint Instances Not applicable
Amazon SageMaker Ground Truth Not applicable
Amazon SageMaker Processing Jobs Not applicable
Amazon SageMaker Training Jobs Not applicable
AWS Service Catalog Applicable
Amazon Simple Email Service (SES) Not applicable
Amazon Simple Notification Service (SNS) Not applicable
Amazon Simple Queue Service (SQS) Not applicable
AWS Systems Manager - Run Command Applicable
AWS Step Functions Applicable
AWS Storage Gateway Applicable
Amazon SWF Applicable
Amazon Textract Applicable
AWS Transfer Family Applicable
AWS Transit Gateway Applicable
Amazon Translate Applicable
AWS Trusted Advisor Applicable
AWS API Usage Applicable
AWS Site-to-Site VPN Applicable
AWS WAF Classic Applicable
AWS WAF Applicable
Amazon WorkMail Applicable
Amazon WorkSpaces Applicable

Workspace

Available metrics

WorkspaceId is the main dimension.

Name Description Unit Statistics Dimensions Recommended
Available The number of WorkSpaces that returned a healthy status Count Sum WorkspaceId Applicable
Available Count Sum Region, DirectoryId Applicable
ConnectionAttempt The number of connection attempts Count Sum WorkspaceId Applicable
ConnectionAttempt Count Sum Region, DirectoryId Applicable
ConnectionFailure The number of failed connections Count Sum WorkspaceId Applicable
ConnectionFailure Count Sum Region, DirectoryId Applicable
ConnectionSuccess The number of successful connections Count Sum WorkspaceId Applicable
ConnectionSuccess Count Sum Region, DirectoryId Applicable
InSessionLatency The round-trip time (RTT) between the WorkSpaces client and the WorkSpace Milliseconds Multi WorkspaceId Applicable
InSessionLatency Milliseconds Multi Region, DirectoryId Applicable
Maintenance The number of WorkSpaces that are under maintenance Count Sum WorkspaceId Applicable
Maintenance Count Sum Region, DirectoryId Applicable
SessionDisconnect The number of connections that were closed, including user-initiated and failed connections Count Sum WorkspaceId Applicable
SessionDisconnect Count Sum Region, DirectoryId Applicable
SessionLaunchTime The amount of time it takes to initiate a WorkSpaces session Seconds Multi WorkspaceId Applicable
SessionLaunchTime Seconds Multi Region, DirectoryId Applicable
Stopped The number of WorkSpaces that are stopped Count Sum WorkspaceId Applicable
Stopped Count Sum Region, DirectoryId Applicable
Unhealthy The number of WorkSpaces that returned an unhealthy status Count Sum WorkspaceId Applicable
Unhealthy Count Sum Region, DirectoryId Applicable
UserConnected The number of WorkSpaces that have a user connected Count Sum WorkspaceId
UserConnected Count Sum Region, DirectoryId Applicable

Source: aws-all-services.md


title: All AWS cloud services source: https://www.dynatrace.com/docs/ingest-from/amazon-web-services/integrate-with-aws/aws-all-services scraped: 2026-02-17T04:48:43.873928


All AWS cloud services

All AWS cloud services

  • Overview
  • 12-min read
  • Updated on Feb 12, 2024

ActiveGate version 1.245+

With AWS monitoring integration, classic (formerly "built-in") services are monitored out-of-the-box. You can also monitor other AWS services that influence the performance of your AWS-hosted applications.

You can receive Amazon CloudWatch metrics for multiple predefined services. You can view graphs per service instance, with a set of dimensions, and create custom graphs that you can pin to your dashboards. You can reduce your CloudWatch costs and throttling by selecting which additional services to monitor. Additionally, for non-classic services, you can choose which metrics you want to monitor.

AWS cloud services monitored by default

As a result of AWS monitoring integration, some services are monitored out-of-the-box. Such services are marked as classic.

Amazon Dynamo Database (classic) Amazon EC2 (classic) Amazon EC2 Auto Scaling (classic) AWS Lambda (classic) AWS Application and Network Load Balancer (classic) Elastic Load Balancer (classic) Amazon S3 (classic) Amazon RDS (classic) Amazon EBS (classic)

For information about differences between classic services and other services, see Migrate from AWS classic (formerly 'built-in') services to cloud services.

Other AWS cloud services

In addition to cloud services monitored by default, you can monitor other AWS services that affect the performance of your AWS-hosted applications.

Amazon DynamoDB Amazon EBS AWS Lambda Amazon RDS AWS Certificate Manager Private Certificate Authority (ACM PCA) Amazon API Gateway Amazon AppStream 2.0 AWS AppSync AWS App Runner Amazon Athena Amazon Aurora AWS Billing AWS Chatbot Amazon CloudFront AWS CloudHSM (V2) Amazon CloudSearch Amazon CloudWatch Logs AWS API Usage AWS CodeBuild Amazon Cognito Amazon Connect AWS Database Migration Service (AWS DMS) AWS DataSync AWS Direct Connect Amazon DocumentDB Amazon DynamoDB Accelerator (DAX) Amazon EC2 API Amazon EC2 Auto Scaling Amazon EC2 Spot Fleet Amazon ECS Container Insights Amazon ElastiCache AWS Elastic Beanstalk Amazon Elastic Container Service (ECS) Amazon Elastic File System (EFS) Amazon Elastic Inference Amazon Elastic Kubernetes Service (EKS) Amazon Elastic MapReduce (EMR) Amazon Elasticsearch Service (ES) Amazon Elastic Transcoder AWS Elemental MediaConnect AWS Elemental MediaConvert AWS Elemental MediaPackage AWS Elemental MediaTailor Amazon EventBridge Amazon FSx Amazon GameLift AWS Glue Amazon Inspector AWS IoT AWS IoT Analytics AWS IoT Things Graph Amazon Keyspaces (Cassandra) Amazon Kinesis Amazon Lex Amazon MSK (Kafka) Amazon MQ Amazon Neptune AWS OpsWorks Amazon Polly Amazon QLDB Amazon Redshift Amazon Rekognition AWS RoboMaker Amazon Route 53 Amazon Route 53 Resolver Amazon SageMaker AWS Service Catalog Amazon Simple Email Service (SES) Amazon Simple Notification Service (SNS) Amazon Simple Queue Service (SQS) Amazon Simple Storage Service (S3) Amazon Simple Workflow Service (SWF) AWS Step Functions AWS Storage Gateway AWS Systems Manager Run Command Amazon Textract AWS Transfer Family AWS Transit Gateway Amazon Translate AWS Trusted Advisor Amazon VPC NAT Gateways AWS Site-to-Site VPN AWS WAF Classic AWS WAF Amazon WorkMail Amazon WorkSpaces

Cloud services with their respective Dynatrace entity types

Not all cloud services have Dynatrace entities created for them and can have tags imported from the cloud. Expand the table below to see cloud services with their respective Dynatrace entity types and to check if they have tags imported from the cloud provider.

List of AWS services with entities and tags

For each non-built-in service, the CUSTOM_DEVICE dimension is generated based on the main dimension

Service Cloud instance Tag monitoring and filtering Dynatrace entity type
Amazon EC2 Auto Scaling (built-in) AutoScalingGroupName Applicable AUTO_SCALING_GROUP
AWS Lambda (built-in) FunctionName Applicable AWS_LAMBDA_FUNCTION
Amazon Application and Network Load Balancer (built-in) LoadBalancer Applicable AWS_APPLICATION_LOAD_BALANCER
Amazon Application and Network Load Balancer (built-in) LoadBalancer Applicable AWS_NETWORK_LOAD_BALANCER
Amazon EBS (built-in) VolumeId Applicable EBS_VOLUME
Amazon EC2 (built-in) InstanceId Applicable EC2_INSTANCE
Amazon Elastic Load Balancer (ELB) (built-in) LoadBalancerName Applicable ELASTIC_LOAD_BALANCER
Amazon RDS (built-in) DBInstanceIdentifier Applicable RELATIONAL_DATABASE_SERVICE
AWS Certificate Manager Private Certificate Authority PrivateCAArn Applicable cloud:aws:acmprivateca
Amazon API Gateway ApiName Applicable cloud:aws:api_gateway
AWS App Runner ServiceName Applicable cloud:aws:app_runner
Amazon AppStream Fleet Applicable cloud:aws:appstream
AWS AppSync GraphQLAPIId Applicable cloud:aws:appsync
Amazon Athena WorkGroup Applicable cloud:aws:athena
Amazon Aurora DBClusterIdentifier Applicable cloud:aws:aurora
Amazon EC2 Auto Scaling AutoScalingGroupName - cloud:aws:autoscaling
Amazon CloudFront DistributionId Applicable cloud:aws:cloud_front
AWS CloudHSM ClusterId Applicable cloud:aws:cloudhsm
Amazon CloudSearch DomainName - cloud:aws:cloudsearch
AWS CodeBuild ProjectName Applicable cloud:aws:codebuild
AWS DataSync TaskId Applicable cloud:aws:datasync
Amazon DynamoDB Accelerator (DAX) ClusterId Applicable cloud:aws:dax
AWS Database Migration Service (AWS DMS) ReplicationInstanceIdentifier Applicable cloud:aws:dms
Amazon DocumentDB DBClusterIdentifier Applicable cloud:aws:documentdb
AWS Direct Connect ConnectionId Applicable cloud:aws:dxcon
Amazon DynamoDB TableName Applicable cloud:aws:dynamodb
Amazon EBS VolumeId Applicable cloud:aws:ebs
Amazon EC2 Spot Fleet FleetRequestId - cloud:aws:ec2_spot
Amazon Elastic Container Service (ECS) ClusterName Applicable cloud:aws:ecs
Amazon ECS Container Insights ClusterName Applicable cloud:aws:ecs:cluster
Amazon Elastic File System (EFS) FileSystemId Applicable cloud:aws:efs
Amazon Elastic Kubernetes Service (EKS) ClusterName Applicable cloud:aws:eks:cluster
Amazon ElastiCache (EC) CacheClusterId Applicable cloud:aws:elasticache
AWS Elastic Beanstalk EnvironmentName Applicable cloud:aws:elasticbeanstalk
Amazon Elastic Transcoder PipelineId - cloud:aws:elastictranscoder
Amazon Elasticsearch Service (ES) DomainName Applicable cloud:aws:es
Amazon EventBridge EventBusName Applicable cloud:aws:events
Amazon FSx FileSystemId Applicable cloud:aws:fsx
Amazon GameLift FleetId - cloud:aws:gamelift
AWS Glue JobName Applicable cloud:aws:glue
Amazon Inspector AssessmentTemplateArn Applicable cloud:aws:inspector
Amazon Managed Streaming for Kafka Cluster Name Applicable cloud:aws:kafka
AWS Lambda FunctionName Applicable cloud:aws:lambda
Amazon Lex BotName Applicable cloud:aws:lex
Amazon CloudWatch Logs LogGroupName Applicable cloud:aws:logs
AWS Elemental MediaTailor ConfigurationName Applicable cloud:aws:media_tailor
AWS Elemental MediaConnect FlowARN - cloud:aws:mediaconnect
AWS Elemental MediaPackage Live Channel Applicable cloud:aws:mediapackagelive
AWS Elemental MediaPackage Video on Demand PackagingConfiguration Applicable cloud:aws:mediapackagevod
Amazon VPC NAT Gateways NatGatewayId Applicable cloud:aws:nat_gateway
Amazon Neptune DBClusterIdentifier Applicable cloud:aws:neptune
AWS OpsWorks StackId Applicable cloud:aws:opsworks
Amazon QLDB LedgerName Applicable cloud:aws:qldb
Amazon RDS DBInstanceIdentifier Applicable cloud:aws:rds
Amazon Redshift ClusterIdentifier Applicable cloud:aws:redshift
AWS RoboMaker SimulationJobId Applicable cloud:aws:robomaker
Amazon Route 53 HostedZoneId Applicable cloud:aws:route53
Amazon Route 53 Resolver EndpointId Applicable cloud:aws:route53resolver
Amazon SageMaker Endpoints EndpointName Applicable cloud:aws:sage_maker:endpoint
Amazon SageMaker Endpoint Instances EndpointName Applicable cloud:aws:sage_maker:endpoint_instance
Amazon Simple Notification Service (SNS) TopicName Applicable cloud:aws:sns
Amazon Simple Queue Service (SQS) QueueName Applicable cloud:aws:sqs
AWS Storage Gateway GatewayName Applicable cloud:aws:storagegateway
Amazon SWF Domain - cloud:aws:swf
AWS Transfer Family ServerId Applicable cloud:aws:transfer
AWS Transit Gateway TransitGateway Applicable cloud:aws:transitgateway
AWS Site-to-Site VPN VpnId Applicable cloud:aws:vpn
Amazon WorkMail OrganizationId Applicable cloud:aws:workmail
Amazon WorkSpaces WorkspaceId Applicable cloud:aws:workspaces

Configuration API

To list all AWS-supported services on your cluster by the current version, use the AWS-supported services API.

Monitoring consumption

As of 2021, all cloud services consume DDUs. The amount of DDU consumption per service instance depends on the number of monitored metrics and their dimensions (each metric dimension results in the ingestion of 1 data point; 1 data point consumes 0.001 DDUs).


Source: aws-log-forwarder.md


title: Log monitoring with AWS log forwarder source: https://www.dynatrace.com/docs/ingest-from/amazon-web-services/integrate-with-aws/aws-logs-ingest/aws-log-forwarder scraped: 2026-02-17T05:04:39.407391


Log monitoring with AWS log forwarder

Log monitoring with AWS log forwarder

  • How-to guide
  • 13-min read
  • Updated on May 08, 2024
  • Deprecated

Deprecation and end of support for AWS log forwarder

The Dynatrace AWS log forwarder is now deprecated in favor of the new Stream logs via Amazon Data Firehose, which allows ingesting cloud logs directly without any additional infrastructure and with increased throughput. To check the available alternative integrations, see Set up Dynatrace on Amazon Web Services.

End of support for the Dynatrace AWS log forwarder is planned for Dec 31, 2024.

DDU consumption for Log Monitoring

DDU pricing applies to cloud Log Monitoring. See DDUs for Log Monitoring for details.

AWS log forwarding allows you to stream logs from Amazon CloudWatch into Dynatrace logs via an ActiveGate.

Resources needed

To enable AWS log forwarding, you need to deploy our special-purpose CloudFormation stack into your AWS account. The stack consists of a Kinesis Firehose instance and a Lambda function. These resources incur AWS costs according to standard AWS billing policy. The same applies to included self-monitoring resources (CloudWatch dashboards and metrics).

Supported services

Service name CloudWatch log forwarding Log enrichment Entity linking
AWS Lambda Applicable Applicable Applicable
AWS App Runner Applicable Applicable Applicable
AWS CloudTrail 1 Applicable Applicable -
Amazon API Gateway Applicable Applicable -
Amazon SNS Applicable Applicable Applicable
Amazon RDS Applicable Applicable Applicable
All services that write to CloudWatch Applicable Applicable -

1

AWS CloudTrail log group name is chosen by user. For log enrichment, start the log group name with aws-cloudtrail-logs.

Limitations

AWS log forwarder supports maximum 1 GB of data processing per hour in the default configuration.

  • To measure the throughput, look for these Kinesis metrics in CloudWatch or check the dashboards provided by the deployed stack: Delivery - log entries and Delivery - data volume.
  • To measure the latency, look for Kinesis - record age.

For scaling recommendations, see the scaling guide below.

Prerequisites

If you're using an earlier version of Dynatrace, see Alternative deployments for instructions.

Dynatrace

CLI

  • You can run the deployment from AWS CloudShell or from any machine with AWS CLI installed that supports Bash script execution.

The deployment script uses the default AWS CLI profile configuration. The profile will determine the AWS account and region. To change the account or region:

Permission policy

You need the following permissions to run the deployment script:

Permissions policy for deployment

{



"Version": "2012-10-17",



"Statement": [



{



"Effect": "Allow",



"Action": [



"cloudformation:CreateChangeSet",



"cloudformation:ExecuteChangeSet",



"cloudformation:DescribeChangeSet",



"cloudformation:DescribeStackEvents",



"cloudformation:DescribeStacks",



"cloudformation:GetTemplateSummary",



"ec2:DescribeImages",



"s3:CreateBucket",



"s3:PutLifecycleConfiguration",



"s3:PutBucketPublicAccessBlock",



"iam:GetRole",



"iam:CreateRole",



"iam:AttachRolePolicy",



"iam:PutRolePolicy",



"iam:GetRolePolicy",



"iam:PassRole",



"lambda:CreateFunction",



"lambda:UpdateFunctionCode",



"lambda:GetFunction",



"lambda:GetFunctionCodeSigningConfig",



"cloudwatch:PutDashboard",



"cloudwatch:GetDashboard",



"firehose:DescribeDeliveryStream",



"firehose:CreateDeliveryStream",



"firehose:ListTagsForDeliveryStream",



"logs:DeleteSubscriptionFilter",



"logs:DescribeLogGroups",



"logs:PutSubscriptionFilter",



"ssm:GetParameters"



],



"Resource": "*"



}



]



}

Deploy

  1. Set the following environment variables, making sure to replace the placeholders (<...>) with your own values.

  2. For TARGET_URL, enter your environment URL: https://<your_environment_ID>.live.dynatrace.com. To learn how to determine your environment ID for the SaaS or Managed deployment, see environment ID.

  3. For TARGET_API_TOKEN, enter your API token. For instructions, see Prerequisites.
  4. Optional For STACK_NAME, the default value is dynatrace-aws-logs. To provide another name for the CloudFormation stack where you want to deploy the resources, replace the default value with your own.

TARGET_URL=<your_environment_URL>



TARGET_API_TOKEN=<your_API_token>



STACK_NAME=dynatrace-aws-logs
2. Download the script and deploy the infrastructure.

wget -O dynatrace-aws-log-forwarder.zip https://github.com/dynatrace-oss/dynatrace-aws-log-forwarder/releases/latest/download/dynatrace-aws-log-forwarder.zip \



&& unzip -qo dynatrace-aws-log-forwarder.zip \



&& ./dynatrace-aws-logs.sh deploy --target-url $TARGET_URL --target-api-token $TARGET_API_TOKEN --stack-name $STACK_NAME --require-valid-certificate true

Subscribe to log groups

After deploying the infrastructure, you need to subscribe to the log groups whose logs you want to forward to Dynatrace.

To subscribe to log groups, you have the options described below.

Use parameter [--stack-name <your_stack_name>] in case you changed the default value during deployment.

Subscribe by listing log group names

Usage recommendation: Use this option if the number of log groups you'd like to subscribe to is small.

To subscribe: Run the command below, making sure to replace <your_log_group_list> with a space-separated list of the log group names you want to subscribe to.

Example list: /aws/lambda/my-lambda /aws/apigateway/my-api

./dynatrace-aws-logs.sh subscribe --log-groups <your_log_group_list>

Subscribe by reading log groups from file

Usage recommendation: Use this option if the number of log groups you'd like to subscribe to is large.

  1. Create a file and enter each log group name on a separate line.
  2. Save the file.
  3. Run the command below, making sure to replace <your_file_name> with the actual file name.
./dynatrace-aws-logs.sh subscribe --log-groups-from-file <your_file_name>

Log groups auto-discovery

To simplify file creation, you can use the auto-discovery command below to list the names of all log groups in your account. You can adjust the list manually before subscribing.

Be sure to replace <your_log_groups_file> with the name of the file to which you want to redirect the output.

./dynatrace-aws-logs.sh discover-log-groups > <your_log_groups_file>

Subscribe with a subscription filter pattern

Usage recommendation: By default, you subscribe to all the logs in the log group. Use this option if you want to restrict the logs you subscribe to. See Filter and Pattern Syntax for details on the pattern syntax.

Limitation: You can use only two subscription filters per log group, so the possibility of creating multiple filters with different patterns is limited. If you create a subscription filter that exceeds the limit, an AWS LimitExceededException occurs.

To subscribe: Run the command below, making sure to replace <your_log_group_list> and <your_filter_pattern> with your own values.

./dynatrace-aws-logs.sh subscribe --log-groups <your_log_group_list> --filter-pattern <your_filter_pattern>

Subscription usage and options

For additional subscription options, see the commands below.

Consult the Subscription table for the commands below when replacing placeholders (<...>) with your own values.

dynatrace-aws-logs.sh subscribe {--log-groups <your_log_group_list> | --log-groups-from-file <your_file_name>}



[--stack-name <your_stack_name>] [--filter-pattern <your_filter_pattern>] [--role-arn ROLE_ARN] [--firehose-arn FIREHOSE_ARN]

Subscription table

Command-line parameter Environment variable Description Default value
--log-groups LOG_GROUPS_LIST A space-separated list of log group names you want to subscribe to. For example: /aws/lambda/my-lambda /aws/apigateway/my-api.
--log-groups-from-file LOG_GROUPS_FILE A file listing the log groups you want to subscribe to. The file should contain each log group name on a separate line.
--filter-pattern FILTER_PATTERN If set, it allows you to subscribe to a filtered stream of logs. You subscribe to all logs in the log group.
--stack-name STACK_NAME The name of the CloudFormation stack where you have deployed the resources. dynatrace-aws-logs
--firehose-arn FIREHOSE_ARN Specify to which Amazon Data Firehose the logs should be streamed by providing its ARN (Amazon Resource Name). Usage recommendation: Set this option if you have permission or performance issues with CloudFormation. It will be extracted from the output of the CloudFormation stack used in the deploy step: either the $DEFAULT_STACK_NAME default value or the one specified with the --stack-name <your_stack_name> option.
--role-arn ROLE_ARN The ARN of an IAM role that grants CloudWatch Logs permission to deliver ingested log events to the destination stream. Usage recommendation: Set this option if you have permission or performance issues with CloudFormation. It will be extracted from the output of the CloudFormation stack used in the deploy step: either the $DEFAULT_STACK_NAME default value or the one specified with the --stack-name <your_stack_name> option.

Unsubscribe from log groups

If you don't want to forward logs to Dynatrace anymore, use one of the two options below to unsubscribe from log groups.

Unsubscribe by listing the log group names

Run the command below, making sure to replace <your_log_group_list> with a space-separated list of the log group names you want to unsubscribe from.

./dynatrace-aws-logs.sh unsubscribe --log-groups <your_log_group_list>

Unsubscribe by reading log groups from a file

Run the command below, making sure to replace <your_file_name> with the file name you created to subscribe by reading log groups from file.

./dynatrace-aws-logs.sh unsubscribe --log-groups-from-file <your_file_name>

Unsubscribe usage and options

For additional unsubscribe options, see the commands below.

Consult the Unsubscribe table for the commands below when replacing the placeholders (<...>) with your own values.

dynatrace-aws-logs.sh unsubscribe {--log-groups <your_log_group_list> | --log-groups-from-file <your_file_name>} [--stack-name <your_stack_name>]

Unsubscribe table

Command-line parameter Environment variable Description Default value
--log-groups LOG_GROUPS_LIST A space-separated list of log group names you want to unsubscribe from. For example: /aws/lambda/my-lambda /aws/apigateway/my-api.
--log-groups-from-file LOG_GROUPS_FILE A file listing log groups you want to unsubscribe from, with each log group name on a separate line.
--stack-name STACK_NAME The name of the CloudFormation stack where you have deployed the resources. dynatrace-aws-logs

Update to new version

To replace your old stack with a new version of the AWS log forwarder stack, deploy the new stack using the same parameters that you used before (especially the stack name, if you changed it from the default value).

Alternative deployments

If you don't want to use direct ingest through the Cluster API, you need to use an existing ActiveGate version 1.217+. The ActiveGate must be available publicly. The stack will be created without a dedicated ActiveGate if you choose this option.

Although the Log Forwarder will still work without self-monitoring metrics, it is recommended to have them also ingested into CloudWatch. Therefore, internet access to AWS endpoints is required.

See below for instructions.

Deploy with existing ActiveGate

Prerequisites

Dynatrace version 1.217+

Permissions policy for deployment with an existing ActiveGate

{



"Version": "2012-10-17",



"Statement": [



{



"Effect": "Allow",



"Action": [



"cloudformation:CreateChangeSet",



"cloudformation:ExecuteChangeSet",



"cloudformation:DescribeChangeSet",



"cloudformation:DescribeStackEvents",



"cloudformation:DescribeStacks",



"cloudformation:GetTemplateSummary",



"ec2:DescribeImages",



"s3:CreateBucket",



"s3:PutLifecycleConfiguration",



"s3:PutBucketPublicAccessBlock",



"iam:GetRole",



"iam:CreateRole",



"iam:AttachRolePolicy",



"iam:PutRolePolicy",



"iam:GetRolePolicy",



"iam:PassRole",



"lambda:CreateFunction",



"lambda:UpdateFunctionCode",



"lambda:GetFunction",



"lambda:GetFunctionCodeSigningConfig",



"cloudwatch:PutDashboard",



"cloudwatch:GetDashboard",



"firehose:DescribeDeliveryStream",



"firehose:CreateDeliveryStream",



"firehose:ListTagsForDeliveryStream",



"logs:DeleteSubscriptionFilter",



"logs:DescribeLogGroups",



"logs:PutSubscriptionFilter",



"ssm:GetParameters"



],



"Resource": "*"



}



]



}
  1. Set the following environment variables, making sure to replace the placeholders (<...>) with your own values, as follows.

  2. For TARGET_URL, enter the API URL of your ActiveGate endpoint: https://<your_activegate_IP_or_hostname>:9999/e/<your_environment_ID>. To learn how to determine your environment ID, see environment ID.

  3. For TARGET_API_TOKEN, enter your API token. For instructions, see Prerequisites.

If you want Dynatrace to verify the SSL certificate of your Dynatrace environment URL, you can set REQUIRE_VALID_CERTIFICATE to true.

TARGET_URL=<your_API_URL>



TARGET_API_TOKEN=<your_API_token>



REQUIRE_VALID_CERTIFICATE=false
2. Download the script and deploy the infrastructure.

wget -O dynatrace-aws-log-forwarder.zip https://github.com/dynatrace-oss/dynatrace-aws-log-forwarder/releases/latest/download/dynatrace-aws-log-forwarder.zip \



&& unzip -qo dynatrace-aws-log-forwarder.zip \



&& ./dynatrace-aws-logs.sh deploy --target-url $TARGET_URL --target-api-token $TARGET_API_TOKEN --require-valid-certificate $REQUIRE_VALID_CERTIFICATE

Deployment usage and options

For additional deployment options, see the command below.

dynatrace-aws-logs.sh deploy --target-url <your_API_URL> --target-api-token <your_API_token> [--require-valid-certificate {true|false}] [--stack-name <your_stack_name>] [--max-log-length <max_log_content_length>] [--tags <value> [<value>...] ]

For a complete list of parameters, see the deploy table below.

Deploy table

Command-line parameter Environment variable Description Default value
--target-url TARGET_URL Required The API URL to your Dynatrace SaaS environment logs ingest target. If you choose to use an existing environment ActiveGate, set it to your ActiveGate endpoint: https://<your_activegate_IP_or_hostname>:9999/e/<your_environment_ID> Note: To determine <your_environment_ID>, see environment ID.
--target-api-token TARGET_API_TOKEN Required Your API token. For instructions, see Prerequisites.
--require-valid-certificate REQUIRE_VALID_CERTIFICATE Optional If true, the log forwarder Lambda function verifies the SSL certificate of your Dynatrace environment URL. false
--stack-name STACK_NAME Optional The name of the CloudFormation stack where you want to deploy the resources. dynatrace-aws-logs
--max-log-length MAX_LOG_CONTENT_LENGTH Optional Log content's max length. If log exceeds this length it will be truncated. For values over 8192 there's also a change in Dynatrace settings needed—you need to contact a Dynatrace product expert via live chat within your environment. 8192
--tags TAGS Optional A list of tags to associate with the stack that is created or updated. Syntax: TagKey1=TagValue1 TagKey2=TagValue2 …

Verification

You can use the verification methods provided below to fix an unsuccessful deployment process.

Verify deployment status

To verify deployment correctness

  1. In AWS Console, go to CloudFormation.
  2. Select your log forwarder stack from the list on the left by stack name (the default value is dynatrace-aws-logs).
  3. If you find any issues or discrepancies in any of the fields below, select Delete to delete the stack, and then repeat the deployment process.

  4. In Stack info, check the stack status; it should be CREATE_COMPLETE.

  5. In Parameters, check if the parameter values are consistent with the values you provided during deployment.
  6. In Events, look for any events with a failed status.

Verify connectivity status

To verify AWS log forwarder connectivity and inspect operational logs

  1. In AWS Console, go to CloudWatch Dashboards.
  2. Find the self-monitoring dashboard for AWS log forwarding. It will have a name like DynatraceLogForwarder-SelfMonitoring-eu-north-1-dynatrace-aws-logs, where the middle part is the AWS region and the last part is the stack name you chose (the default is dynatrace-aws-logs).
  3. Inspect the dashboard for any obvious issues.
  4. Go to CloudFormation.
  5. Select your log forwarder stack from the list on the left by stack name (the default value is dynatrace-aws-logs).
  6. Select the Resources tab and then select the link next to Lambda.
  7. On the Lambda screen, select the Monitor tab and then select Logs.
  8. Select one of the listed log streams and look for exceptions in the logs.

Scaling guide

To scale up the default throughput, we recommend increasing the Lambda Function's memory and the number of provisioned instances to run concurrently. The values to use depend on the actual load. The following are the maximum tested and supported values.

Maximum throughput Lambda memory Number of instances
up to 15 MB/minute (1 GB/hour) 256 MB 1
up to 500 MB/minute (30 GB/hour) 1024 MB 5

As a last resort, scale horizontally: deploy more integrations and subscribe each of them to different log groups to distribute the load.

Uninstall AWS log forwarding

To uninstall AWS log forwarding

  1. Unsubscribe all log groups. You can use the log groups auto-discovery method described in Subscribe by reading log groups from file and pass the auto-discovery output file to the unsubscribe command. See Unsubscribe from log groups for details.
  2. In AWS Console, go to your CloudFormation stack.
  3. Select the Resources tab and navigate to the DeliveryBucket S3 bucket.
  4. Remove all objects in the bucket.
  5. Go back to the CloudFormation stack and select Delete.

Source: aws-migration-guide.md


title: Migrate from AWS classic (formerly 'built-in') services to cloud services source: https://www.dynatrace.com/docs/ingest-from/amazon-web-services/integrate-with-aws/cloudwatch-metrics/aws-migration-guide scraped: 2026-02-17T05:00:33.913760


Migrate from AWS classic (formerly 'built-in') services to cloud services

Migrate from AWS classic (formerly 'built-in') services to cloud services

  • How-to guide
  • 9-min read
  • Updated on Jun 27, 2024

From the AWS overview page, you can access Dynatrace classic services and cloud services for AWS monitoring. Both types of services share the same AWS resources. However, classic services use a predefined set of metrics, so configuring which metrics to monitor, or determining which ones are already monitored, is not supported.

Classic services vs cloud services

As previously mentioned, classic services and cloud services share the same AWS resources. However, cloud services support a wider range of configuration options, such as new metrics and customizable monitored metrics. To give you more customization options, we’ve started the following:

  • Adding more services to the Cloud services section so you can customize which metrics you want to monitor.
  • Adding more metrics for cloud services; not only are they configurable, but you can now monitor much more than before.
  • Replacing the classic services with cloud services that have more configuration options regarding metrics.

AWS E2E Cloud services infographic

If you're using classic services, we recommend migrating to cloud services to take advantage of the wider range of customizable configuration options.

AWS Lambda

If you're using OneAgent integration for your Lambdas, we recommend Lambda migration. Since the release of Dynatrace version 1.283, we show data for the new Lambda service together with OneAgent data on the Lambda service page.

Impact of the migration

Even though classic and cloud services monitor the same AWS resources on Dynatrace side, they are monitored as two different entities.

  • They have different entity IDs and metric keys.
  • Due to their different implementations, they may detect different numbers of instances. Cloud services show only instances with metrics.
  • Data for each Dynatrace entity type is collected and stored separately.
  • Warning Breaking change You need to adapt the configuration of dashboards, alerts, and management zones based on entity ID or metric keys with the monitored service type.

You currently have the option to choose from a classic or cloud service to preserve historical data, but be aware of the following:

  • Historical data is persisted on the classic services. If you switch back, monitored data will present gaps for the period in which the resources were monitored via the cloud service.
  • You can’t have both of them turned on simultaneously. Even though on the Dynatrace side they’re two different services, the legacy and new versions monitor the same AWS resource. If you had two versions switched on simultaneously, you would be charged double for polling the same data twice.
  • If you turn on the new version, the classic version is turned off automatically, and vice versa.
  • There is no direct link between

  • Entities containing historical and new data.

  • Cloud service data and data coming from OneAgent for opaque Amazon RDS—not linked to the new cloud service page with CloudWatch metrics.
  • Logs from Amazon Data Firehose to Amazon RDS are still being linked to the historical data and entity RELATIONAL_DATABASE_SERVICE.
  • Events or problems that would have been auto-detected on the historical (classic) data might not be automatically raised. Alerting rules are not provided for these cloud services:

  • Amazon RDS

  • Amazon EBS
  • AWS Lambda—predefined metric event configuration is provided but needs to be manually enabled.

To monitor cloud services, you need to have Environment ActiveGate configured.

Changes in the UI

Your AWS overview page changes after configuring a new version of a service.

For example, let’s have a look at Amazon EBS.

  • If the legacy Amazon EBS (classic) service is configured, this is what the EBS volumes section of the AWS overview looks like.

EBS volumes section 1 * If the Amazon EBS cloud service is configured, this is what the EBS volumes section of the AWS overview looks like.

EBS volumes section 2 * Select Cloud services to find new overview pages for the services.

Amazon EBS * Additionally, you can configure metrics for cloud services via the web UI.

AWS Settings Manage services

Settings Amazon EBS

Cloud services and their corresponding classic services

new Cloud service old Classic service
Amazon EC2 Auto Scaling Amazon EC2 Auto Scaling (classic)
Amazon DynamoDB Amazon DynamoDB (classic)
Amazon EBS Amazon EBS (classic)
AWS Lambda AWS Lambda (classic)
Amazon RDS Amazon RDS (classic)

Metrics migration

Below you can find tables with classic services metrics and their corresponding cloud services metrics. Empty cells indicate the lack of an identical corresponding metric.

You can find more details about accessing these in Grail on this page.

The ext: prefix is used by metrics from OneAgent extensions and ActiveGate extensions, and also by classic metrics for AWS integration.

Despite the naming similarities, AWS integration metrics are not based on extensions.

Amazon Auto scaling group

Classic service metric name Classic service metric key Cloud service metric name Cloud service metric key
Number of running EC2 instances (ASG) builtin:cloud.aws.asg.running - -
Number of stopped EC2 instances (ASG) builtin:cloud.aws.asg.stopped - -
Number of terminated EC2 instances (ASG) builtin:cloud.aws.asg.terminated - -

Amazon DynamoDB

Classic service metric name Classic service metric key Cloud service metric name Cloud service metric key
DynamoDB read capacity units builtin:cloud.aws.dynamo.capacityUnits.consumed.read ConsumedReadCapacityUnits Sum ext:cloud.aws.dynamodb.consumedReadCapacityUnitsSum ext:cloud.aws.dynamodb.consumedReadCapacityUnitsByGlobalSecondaryIndexName
DynamoDB write capacity units builtin:cloud.aws.dynamo.capacityUnits.consumed.write ConsumedWriteCapacityUnits Sum ext:cloud.aws.dynamodb.consumedWriteCapacityUnitsSum ext:cloud.aws.dynamodb.consumedWriteCapacityUnitsSumByGlobalSecondaryIndexName
DynamoDB provisioned read capacity units builtin:cloud.aws.dynamo.capacityUnits.provisioned.read ProvisionedReadCapacityUnits Sum ext:cloud.aws.dynamodb.provisionedReadCapacityUnitsSum ext:cloud.aws.dynamodb.provisionedReadCapacityUnitsSumByGlobalSecondaryIndexName
DynamoDB provisioned write capacity units builtin:cloud.aws.dynamo.capacityUnits.provisioned.write ProvisionedWriteCapacityUnits Sum ext:cloud.aws.dynamodb.provisionedWriteCapacityUnitsSum ext:cloud.aws.dynamodb.provisionedWriteCapacityUnitsSumByGlobalSecondaryIndexName
DynamoDB read capacity units % builtin:cloud.aws.dynamo.capacityUnits.read calculated 100 * ext:cloud.aws.dynamodb.consumedReadCapacityUnitsSum / ext:cloud.aws.dynamodb.provisionedReadCapacityUnitsSum
DynamoDB write capacity units % builtin:cloud.aws.dynamo.capacityUnits.write calculated 100 * ext:cloud.aws.dynamodb.consumedWriteCapacityUnitsSum / ext:cloud.aws.dynamodb.provisionedWriteCapacityUnitsSum
DynamoDB number of requests with HTTP 500 status code builtin:cloud.aws.dynamo.errors.system SystemErrors Sum (by Operation) ext:cloud.aws.dynamodb.SystemErrorsSumByOperation
DynamoDB number of requests with HTTP 400 status code builtin:cloud.aws.dynamo.errors.user UserErrors Sum (by Region) ext:cloud.aws.dynamodb.UserErrorsSum
DynamoDB number of successful request latency for operation builtin:cloud.aws.dynamo.requests.latency SuccessfulRequestLatency (by Operation) ext:cloud.aws.dynamodb.successfulRequestLatencyByOperation
DynamoDB number of items returned by operation builtin:cloud.aws.dynamo.requests.returnedItems ReturnedItemCount Sum (by Operation) ext:cloud.aws.dynamodb.returnedItemCountSumByOperation
DynamoDB number of throttled requests for operation builtin:cloud.aws.dynamo.requests.throttled ThrottledRequests Sum (by Operation) ext:cloud.aws.dynamodb.ThrottledRequestsSumByOperation
DynamoDB number of read throttled events builtin:cloud.aws.dynamo.throttledEvents.read ReadThrottleEvents Sum ext:cloud.aws.dynamodb.ReadThrottleEventsSum ext:cloud.aws.dynamodb.ReadThrottleEventsSumByGlobalSecondaryIndexName
DynamoDB number of write throttled events builtin:cloud.aws.dynamo.throttledEvents.write WriteThrottleEvents Sum ext:cloud.aws.dynamodb.WriteThrottleEventsSum ext:cloud.aws.dynamodb.WriteThrottleEventsSumByGlobalSecondaryIndexName
Number of tables for AvailabilityZone builtin:cloud.aws.dynamo.tables - -

Amazon EBS

Classic service metric name Classic service metric key Cloud service metric name Cloud service metric key
EBS volume read latency builtin:cloud.aws.ebs.latency.read - -
EBS volume write latency builtin:cloud.aws.ebs.latency.write - -
EBS volume consumed OPS builtin:cloud.aws.ebs.ops.consumed VolumeConsumedReadWriteOps Sum ext:cloud.aws.ebs.volumeConsumedReadWriteOps
EBS volume read OPS builtin:cloud.aws.ebs.ops.read VolumeReadOps Sum ext:cloud.aws.ebs.volumeReadOpsSum
EBS volume write OPS builtin:cloud.aws.ebs.ops.write VolumeWriteOps Sum ext:cloud.aws.ebs.volumeWriteOpsSum
EBS volume throughput % builtin:cloud.aws.ebs.throughput.percent VolumeThroughputPercentage ext:cloud.aws.ebs.volumeThroughputPercentage
EBS volume read throughput builtin:cloud.aws.ebs.throughput.read calculated ext:cloud.aws.ebs.volumeReadBytes / ext:cloud.aws.ebs.volumeTotalReadTime
EBS volume write throughput builtin:cloud.aws.ebs.throughput.write calculated ext:cloud.aws.ebs.volumeWriteBytes / ext:cloud.aws.ebs.volumeTotalWriteTime
EBS volume idle time % builtin:cloud.aws.ebs.idleTime - -
EBS volume queue length builtin:cloud.aws.ebs.queue VolumeQueueLength Sum ext:cloud.aws.ebs.volumeQueueLengthSum

AWS Lambda

Classic service metric name Classic service metric key Cloud service metric name Cloud service metric key
LambdaFunction concurrent executions count builtin:cloud.aws.lambda.concExecutions ConcurrentExecutions Sum ext:cloud.aws.lambda.concurrentExecutionsSum ext:cloud.aws.lambda.concurrentExecutionsSumByResource ext:cloud.aws.lambda.concurrentExecutionsSumByRegion
LambdaFunction code execution time. builtin:cloud.aws.lambda.duration Duration ext:cloud.aws.lambda.duration ext:cloud.aws.lambda.durationByResource ext:cloud.aws.lambda.durationByRegion
LambdaFunction number of failed invocations with HTTP 4XX status code builtin:cloud.aws.lambda.errors Errors Sum ext:cloud.aws.lambda.errorsSum ext:cloud.aws.lambda.errorsSumByResource ext:cloud.aws.lambda.errorsSumByRegion
LambdaFunction rate of failed invocations to all invocations % builtin:cloud.aws.lambda.errorsRate calculated 100 * ext:cloud.aws.lambda.errorsSum / ext:cloud.aws.lambda.invocationsSum
LambdaFunction number of times a function is invoked builtin:cloud.aws.lambda.invocations Invocations Sum ext:cloud.aws.lambda.invocationsSum ext:cloud.aws.lambda.invocationsSumByResource ext:cloud.aws.lambda.invocationsSumByRegion
LambdaFunction provisioned concurrent executions count builtin:cloud.aws.lambda.provConcExecutions ProvisionedConcurrentExecutions Sum ext:cloud.aws.lambda.provisionedConcurrentExecutionsSum ext:cloud.aws.lambda.provisionedConcurrentExecutionsSumByResource ext:cloud.aws.lambda.provisionedConcurrentExecutionsSumByRegion
LambdaFunction provisioned concurrency invocation count builtin:cloud.aws.lambda.provConcInvocations ProvisionedConcurrencyInvocations Sum ext:cloud.aws.lambda.provisionedConcurrencyInvocationsSum ext:cloud.aws.lambda.provisionedConcurrencyInvocationsSumByResource ext:cloud.aws.lambda.provisionedConcurrencyInvocationsSumByRegion
LambdaFunction provisioned concurrency spillover invocation count builtin:cloud.aws.lambda.provConcSpilloverInvocations ProvisionedConcurrencySpilloverInvocations Sum ext:cloud.aws.lambda.provisionedConcurrencySpilloverInvocationsSum ext:cloud.aws.lambda.provisionedConcurrencySpilloverInvocationsSumByResource ext:cloud.aws.lambda.provisionedConcurrencySpilloverInvocationsSumByRegion
LambdaFunction throttled function invocation count builtin:cloud.aws.lambda.throttlers Throttles Sum ext:cloud.aws.lambda.throttlesSum ext:cloud.aws.lambda.throttlesSumByResource ext:cloud.aws.lambda.throttlesSumByRegion

Amazon RDS

Classic service metric name Classic service metric key Cloud service metric name Cloud service metric key
RDS CPU usage % builtin:cloud.aws.rds.cpu.usage CPUUtilization ext:cloud.aws.rds.cpuUtilization ext:cloud.aws.rds.cpuUtilizationByRegionDatabaseClass ext:cloud.aws.rds.cpuUtilizationByRegionDBClusterIdentifier ext:cloud.aws.rds.cpuUtilizationByRegion ext:cloud.aws.rds.cpuUtilizationByRegionEngineName ext:cloud.aws.rds.cpuUtilizationByRegionDBClusterIdentifierRole
RDS read latency builtin:cloud.aws.rds.latency.read ReadLatency ext:cloud.aws.rds.readLatency ext:cloud.aws.rds.readLatencyByRegionDatabaseClass ext:cloud.aws.rds.readLatencyByRegionDBClusterIdentifier ext:cloud.aws.rds.readLatencyByRegion ext:cloud.aws.rds.readLatencyByRegionEngineName ext:cloud.aws.rds.readLatencyByRegionDBClusterIdentifierRole
RDS write latency builtin:cloud.aws.rds.latency.write WriteLatency ext:cloud.aws.rds.writeLatency ext:cloud.aws.rds.writeLatencyByRegionDatabaseClass ext:cloud.aws.rds.writeLatencyByRegionDBClusterIdentifier ext:cloud.aws.rds.writeLatencyByRegion ext:cloud.aws.rds.writeLatencyByRegionEngineName ext:cloud.aws.rds.writeLatencyByRegionDBClusterIdentifierRole
RDS freeable memory builtin:cloud.aws.rds.memory.freeable FreeableMemory ext:cloud.aws.rds.freeableMemory ext:cloud.aws.rds.freeableMemoryByRegionDatabaseClass ext:cloud.aws.rds.freeableMemoryByRegionDBClusterIdentifier ext:cloud.aws.rds.freeableMemoryByRegion ext:cloud.aws.rds.freeableMemoryByRegionEngineName ext:cloud.aws.rds.freeableMemoryByRegionDBClusterIdentifierRole
RDS swap usage builtin:cloud.aws.rds.memory.swap SwapUsage ext:cloud.aws.rds.swapUsage ext:cloud.aws.rds.swapUsageByRegionDatabaseClass ext:cloud.aws.rds.swapUsageByRegionDBClusterIdentifier ext:cloud.aws.rds.swapUsageByRegion ext:cloud.aws.rds.swapUsageByRegionEngineName ext:cloud.aws.rds.swapUsageByRegionDBClusterIdentifierRole
RDS network received throughput builtin:cloud.aws.rds.net.rx NetworkReceiveThroughput ext:cloud.aws.rds.networkReceiveThroughput ext:cloud.aws.rds.networkReceiveThroughputByRegionDatabaseClass ext:cloud.aws.rds.networkReceiveThroughputByRegionDBClusterIdentifier ext:cloud.aws.rds.networkReceiveThroughputByRegion ext:cloud.aws.rds.networkReceiveThroughputByRegionEngineName ext:cloud.aws.rds.networkReceiveThroughputByRegionDBClusterIdentifierRole
RDS network transmitted throughput builtin:cloud.aws.rds.net.tx NetworkTransmitThroughput ext:cloud.aws.rds.networkTransmitThroughput ext:cloud.aws.rds.networkTransmitThroughputByRegionDatabaseClass ext:cloud.aws.rds.networkTransmitThroughputByRegionDBClusterIdentifier ext:cloud.aws.rds.networkTransmitThroughputByRegion ext:cloud.aws.rds.networkTransmitThroughputByRegionEngineName ext:cloud.aws.rds.networkTransmitThroughputByRegionDBClusterIdentifierRole
RDS read IOPS builtin:cloud.aws.rds.ops.read ReadIOPS ext:cloud.aws.rds.readIOPS ext:cloud.aws.rds.readIOPSByRegionDatabaseClass ext:cloud.aws.rds.readIOPSByRegion ext:cloud.aws.rds.readIOPSByRegionEngineName
RDS write IOPS builtin:cloud.aws.rds.ops.write WriteIOPS ext:cloud.aws.rds.writeIOPS ext:cloud.aws.rds.writeIOPSByRegionDatabaseClass ext:cloud.aws.rds.writeIOPSByRegion ext:cloud.aws.rds.writeIOPSByRegionEngineName
RDS read throughput builtin:cloud.aws.rds.throughput.read ReadThroughput ext:cloud.aws.rds.readThroughput ext:cloud.aws.rds.readThroughputByRegionDatabaseClass ext:cloud.aws.rds.readThroughputByRegion ext:cloud.aws.rds.readThroughputByRegionEngineName
RDS write throughput builtin:cloud.aws.rds.throughput.write WriteThroughput ext:cloud.aws.rds.writeThroughput ext:cloud.aws.rds.writeThroughputByRegionDatabaseClass ext:cloud.aws.rds.writeThroughputByRegion ext:cloud.aws.rds.writeThroughputByRegionEngineName
RDS connections builtin:cloud.aws.rds.connections DatabaseConnections Sum ext:cloud.aws.rds.databaseConnectionsSumByRegionDatabaseClass ext:cloud.aws.rds.databaseConnectionsSumByRegionDBClusterIdentifier ext:cloud.aws.rds.databaseConnectionsSumByRegion ext:cloud.aws.rds.databaseConnectionsSumByRegionEngineName ext:cloud.aws.rds.databaseConnectionsSumByRegionDBClusterIdentifierRole
RDS free storage space % builtin:cloud.aws.rds.free - -
RDS restarts builtin:cloud.aws.rds.restarts - -

Source: ec2-auto-scaling.md


title: Amazon EC2 Auto Scaling source: https://www.dynatrace.com/docs/ingest-from/amazon-web-services/integrate-with-aws/cloudwatch-metrics/cloudwatch-ec2/ec2-auto-scaling scraped: 2026-02-17T05:03:37.060997


Amazon EC2 Auto Scaling

Amazon EC2 Auto Scaling

  • How-to guide
  • 1-min read
  • Updated on Nov 15, 2023

For information about differences between classic services and other services, see Migrate from AWS classic (formerly 'built-in') services to cloud services.

Dynatrace ingests metrics for multiple preselected namespaces, including Amazon EC2 Auto Scaling. You can view metrics for each service instance, split metrics into multiple dimensions, and create custom charts that you can pin to your dashboards.

Prerequisites

To enable monitoring for this service, you need

  • ActiveGate version 1.197+

  • For Dynatrace SaaS deployments, you need an Environment ActiveGate or a Multi-environment ActiveGate.

For role-based access in SaaS deployment, you need an Environment ActiveGate installed on an Amazon EC2 host.

To update the AWS IAM policy, use the JSON below, containing the monitoring policy (permissions) for all supporting services.

JSON predefined policy for all supporting services

{



"Version": "2012-10-17",



"Statement": [



{



"Sid": "VisualEditor0",



"Effect": "Allow",



"Action": [



"acm-pca:ListCertificateAuthorities",



"apigateway:GET",



"apprunner:ListServices",



"appstream:DescribeFleets",



"appsync:ListGraphqlApis",



"athena:ListWorkGroups",



"autoscaling:DescribeAutoScalingGroups",



"cloudformation:ListStackResources",



"cloudfront:ListDistributions",



"cloudhsm:DescribeClusters",



"cloudsearch:DescribeDomains",



"cloudwatch:GetMetricData",



"cloudwatch:GetMetricStatistics",



"cloudwatch:ListMetrics",



"codebuild:ListProjects",



"datasync:ListTasks",



"dax:DescribeClusters",



"directconnect:DescribeConnections",



"dms:DescribeReplicationInstances",



"dynamodb:ListTables",



"dynamodb:ListTagsOfResource",



"ec2:DescribeAvailabilityZones",



"ec2:DescribeInstances",



"ec2:DescribeNatGateways",



"ec2:DescribeSpotFleetRequests",



"ec2:DescribeTransitGateways",



"ec2:DescribeVolumes",



"ec2:DescribeVpnConnections",



"ecs:ListClusters",



"eks:ListClusters",



"elasticache:DescribeCacheClusters",



"elasticbeanstalk:DescribeEnvironmentResources",



"elasticbeanstalk:DescribeEnvironments",



"elasticfilesystem:DescribeFileSystems",



"elasticloadbalancing:DescribeInstanceHealth",



"elasticloadbalancing:DescribeListeners",



"elasticloadbalancing:DescribeLoadBalancers",



"elasticloadbalancing:DescribeRules",



"elasticloadbalancing:DescribeTags",



"elasticloadbalancing:DescribeTargetHealth",



"elasticmapreduce:ListClusters",



"elastictranscoder:ListPipelines",



"es:ListDomainNames",



"events:ListEventBuses",



"firehose:ListDeliveryStreams",



"fsx:DescribeFileSystems",



"gamelift:ListFleets",



"glue:GetJobs",



"inspector:ListAssessmentTemplates",



"kafka:ListClusters",



"kinesis:ListStreams",



"kinesisanalytics:ListApplications",



"kinesisvideo:ListStreams",



"lambda:ListFunctions",



"lambda:ListTags",



"lex:GetBots",



"logs:DescribeLogGroups",



"mediaconnect:ListFlows",



"mediaconvert:DescribeEndpoints",



"mediapackage-vod:ListPackagingConfigurations",



"mediapackage:ListChannels",



"mediatailor:ListPlaybackConfigurations",



"opsworks:DescribeStacks",



"qldb:ListLedgers",



"rds:DescribeDBClusters",



"rds:DescribeDBInstances",



"rds:DescribeEvents",



"rds:ListTagsForResource",



"redshift:DescribeClusters",



"robomaker:ListSimulationJobs",



"route53:ListHostedZones",



"route53resolver:ListResolverEndpoints",



"s3:ListAllMyBuckets",



"sagemaker:ListEndpoints",



"sns:ListTopics",



"sqs:ListQueues",



"storagegateway:ListGateways",



"sts:GetCallerIdentity",



"swf:ListDomains",



"tag:GetResources",



"tag:GetTagKeys",



"transfer:ListServers",



"workmail:ListOrganizations",



"workspaces:DescribeWorkspaces"



],



"Resource": "*"



}



]



}

If you don't want to add permissions to all services, and just select permissions for certain services, consult the table below. The table contains a set of permissions that are required for All AWS cloud services and, for each supporting service, a list of optional permissions specific to that service.

Permissions required for AWS monitoring integration:

  • "cloudwatch:GetMetricData"
  • "cloudwatch:GetMetricStatistics"
  • "cloudwatch:ListMetrics"
  • "sts:GetCallerIdentity"
  • "tag:GetResources"
  • "tag:GetTagKeys"
  • "ec2:DescribeAvailabilityZones"

Complete list of permissions for cloud services

Name Permissions
All monitored Amazon services Required cloudwatch:GetMetricData, cloudwatch:GetMetricStatistics, cloudwatch:ListMetrics, sts:GetCallerIdentity, tag:GetResources, tag:GetTagKeys, ec2:DescribeAvailabilityZones
AWS Certificate Manager Private Certificate Authority acm-pca:ListCertificateAuthorities
Amazon MQ
Amazon API Gateway apigateway:GET
AWS App Runner apprunner:ListServices
Amazon AppStream appstream:DescribeFleets
AWS AppSync appsync:ListGraphqlApis
Amazon Athena athena:ListWorkGroups
Amazon Aurora rds:DescribeDBClusters
Amazon EC2 Auto Scaling autoscaling:DescribeAutoScalingGroups
Amazon EC2 Auto Scaling (built-in) autoscaling:DescribeAutoScalingGroups
AWS Billing
Amazon Keyspaces
AWS Chatbot
Amazon CloudFront cloudfront:ListDistributions
AWS CloudHSM cloudhsm:DescribeClusters
Amazon CloudSearch cloudsearch:DescribeDomains
AWS CodeBuild codebuild:ListProjects
Amazon Cognito
Amazon Connect
Amazon Elastic Kubernetes Service (EKS) eks:ListClusters
AWS DataSync datasync:ListTasks
Amazon DynamoDB Accelerator (DAX) dax:DescribeClusters
AWS Database Migration Service (AWS DMS) dms:DescribeReplicationInstances
Amazon DocumentDB rds:DescribeDBClusters
AWS Direct Connect directconnect:DescribeConnections
Amazon DynamoDB dynamodb:ListTables
Amazon DynamoDB (built-in) dynamodb:ListTables, dynamodb:ListTagsOfResource
Amazon EBS ec2:DescribeVolumes
Amazon EBS (built-in) ec2:DescribeVolumes
Amazon EC2 API
Amazon EC2 (built-in) ec2:DescribeInstances
Amazon EC2 Spot Fleet ec2:DescribeSpotFleetRequests
Amazon Elastic Container Service (ECS) ecs:ListClusters
Amazon ECS Container Insights ecs:ListClusters
Amazon ElastiCache (EC) elasticache:DescribeCacheClusters
AWS Elastic Beanstalk elasticbeanstalk:DescribeEnvironments
Amazon Elastic File System (EFS) elasticfilesystem:DescribeFileSystems
Amazon Elastic Inference
Amazon Elastic Map Reduce (EMR) elasticmapreduce:ListClusters
Amazon Elasticsearch Service (ES) es:ListDomainNames
Amazon Elastic Transcoder elastictranscoder:ListPipelines
Amazon Elastic Load Balancer (ELB) (built-in) elasticloadbalancing:DescribeInstanceHealth, elasticloadbalancing:DescribeListeners, elasticloadbalancing:DescribeLoadBalancers, elasticloadbalancing:DescribeRules, elasticloadbalancing:DescribeTags, elasticloadbalancing:DescribeTargetHealth
Amazon EventBridge events:ListEventBuses
Amazon FSx fsx:DescribeFileSystems
Amazon GameLift gamelift:ListFleets
AWS Glue glue:GetJobs
Amazon Inspector inspector:ListAssessmentTemplates
AWS Internet of Things (IoT)
AWS IoT Analytics
Amazon Managed Streaming for Kafka kafka:ListClusters
Amazon Kinesis Data Analytics kinesisanalytics:ListApplications
Amazon Data Firehose firehose:ListDeliveryStreams
Amazon Kinesis Data Streams kinesis:ListStreams
Amazon Kinesis Video Streams kinesisvideo:ListStreams
AWS Lambda lambda:ListFunctions
AWS Lambda (built-in) lambda:ListFunctions, lambda:ListTags
Amazon Lex lex:GetBots
Amazon Application and Network Load Balancer (built-in) elasticloadbalancing:DescribeInstanceHealth, elasticloadbalancing:DescribeListeners, elasticloadbalancing:DescribeLoadBalancers, elasticloadbalancing:DescribeRules, elasticloadbalancing:DescribeTags, elasticloadbalancing:DescribeTargetHealth
Amazon CloudWatch Logs logs:DescribeLogGroups
AWS Elemental MediaConnect mediaconnect:ListFlows
AWS Elemental MediaConvert mediaconvert:DescribeEndpoints
AWS Elemental MediaPackage Live mediapackage:ListChannels
AWS Elemental MediaPackage Video on Demand mediapackage-vod:ListPackagingConfigurations
AWS Elemental MediaTailor mediatailor:ListPlaybackConfigurations
Amazon VPC NAT Gateways ec2:DescribeNatGateways
Amazon Neptune rds:DescribeDBClusters
AWS OpsWorks opsworks:DescribeStacks
Amazon Polly
Amazon QLDB qldb:ListLedgers
Amazon RDS rds:DescribeDBInstances
Amazon RDS (built-in) rds:DescribeDBInstances, rds:DescribeEvents, rds:ListTagsForResource
Amazon Redshift redshift:DescribeClusters
Amazon Rekognition
AWS RoboMaker robomaker:ListSimulationJobs
Amazon Route 53 route53:ListHostedZones
Amazon Route 53 Resolver route53resolver:ListResolverEndpoints
Amazon S3 s3:ListAllMyBuckets
Amazon S3 (built-in) s3:ListAllMyBuckets
Amazon SageMaker Batch Transform Jobs
Amazon SageMaker Endpoint Instances sagemaker:ListEndpoints
Amazon SageMaker Endpoints sagemaker:ListEndpoints
Amazon SageMaker Ground Truth
Amazon SageMaker Processing Jobs
Amazon SageMaker Training Jobs
AWS Service Catalog
Amazon Simple Email Service (SES)
Amazon Simple Notification Service (SNS) sns:ListTopics
Amazon Simple Queue Service (SQS) sqs:ListQueues
AWS Systems Manager - Run Command
AWS Step Functions
AWS Storage Gateway storagegateway:ListGateways
Amazon SWF swf:ListDomains
Amazon Textract
AWS IoT Things Graph
AWS Transfer Family transfer:ListServers
AWS Transit Gateway ec2:DescribeTransitGateways
Amazon Translate
AWS Trusted Advisor
AWS API Usage
AWS Site-to-Site VPN ec2:DescribeVpnConnections
AWS WAF Classic
AWS WAF
Amazon WorkMail workmail:ListOrganizations
Amazon WorkSpaces workspaces:DescribeWorkspaces

Example of JSON policy for one single service.

JSON policy for Amazon API Gateway

{



"Version": "2012-10-17",



"Statement": [



{



"Sid": "VisualEditor0",



"Effect": "Allow",



"Action": [



"apigateway:GET",



"cloudwatch:GetMetricData",



"cloudwatch:GetMetricStatistics",



"cloudwatch:ListMetrics",



"sts:GetCallerIdentity",



"tag:GetResources",



"tag:GetTagKeys",



"ec2:DescribeAvailabilityZones"



],



"Resource": "*"



}



]



}

In this example, from the complete list of permissions you need to select

  • "apigateway:GET" for Amazon API Gateway
  • "cloudwatch:GetMetricData", "cloudwatch:GetMetricStatistics", "cloudwatch:ListMetrics", "sts:GetCallerIdentity", "tag:GetResources", "tag:GetTagKeys", and "ec2:DescribeAvailabilityZones" for All AWS cloud services.

AWS endpoints that need to be reachable from ActiveGate with corresponding AWS services

Endpoint Service
autoscaling.<REGION>.amazonaws.com Amazon EC2 Auto Scaling (built-in), Amazon EC2 Auto Scaling
lambda.<REGION>.amazonaws.com AWS Lambda (built-in), AWS Lambda
elasticloadbalancing.<REGION>.amazonaws.com Amazon Application and Network Load Balancer (built-in), Amazon Elastic Load Balancer (ELB) (built-in)
dynamodb.<REGION>.amazonaws.com Amazon DynamoDB (built-in), Amazon DynamoDB
ec2.<REGION>.amazonaws.com Amazon EBS (built-in), Amazon EC2 (built-in), Amazon EBS, Amazon EC2 Spot Fleet, Amazon VPC NAT Gateways, AWS Transit Gateway, AWS Site-to-Site VPN
rds.<REGION>.amazonaws.com Amazon RDS (built-in), Amazon Aurora, Amazon DocumentDB, Amazon Neptune, Amazon RDS
s3.<REGION>.amazonaws.com Amazon S3 (built-in)
acm-pca.<REGION>.amazonaws.com AWS Certificate Manager Private Certificate Authority
apigateway.<REGION>.amazonaws.com Amazon API Gateway
apprunner.<REGION>.amazonaws.com AWS App Runner
appstream2.<REGION>.amazonaws.com Amazon AppStream
appsync.<REGION>.amazonaws.com AWS AppSync
athena.<REGION>.amazonaws.com Amazon Athena
cloudfront.amazonaws.com Amazon CloudFront
cloudhsmv2.<REGION>.amazonaws.com AWS CloudHSM
cloudsearch.<REGION>.amazonaws.com Amazon CloudSearch
codebuild.<REGION>.amazonaws.com AWS CodeBuild
datasync.<REGION>.amazonaws.com AWS DataSync
dax.<REGION>.amazonaws.com Amazon DynamoDB Accelerator (DAX)
dms.<REGION>.amazonaws.com AWS Database Migration Service (AWS DMS)
directconnect.<REGION>.amazonaws.com AWS Direct Connect
ecs.<REGION>.amazonaws.com Amazon Elastic Container Service (ECS), Amazon ECS Container Insights
elasticfilesystem.<REGION>.amazonaws.com Amazon Elastic File System (EFS)
eks.<REGION>.amazonaws.com Amazon Elastic Kubernetes Service (EKS)
elasticache.<REGION>.amazonaws.com Amazon ElastiCache (EC)
elasticbeanstalk.<REGION>.amazonaws.com AWS Elastic Beanstalk
elastictranscoder.<REGION>.amazonaws.com Amazon Elastic Transcoder
es.<REGION>.amazonaws.com Amazon Elasticsearch Service (ES)
events.<REGION>.amazonaws.com Amazon EventBridge
fsx.<REGION>.amazonaws.com Amazon FSx
gamelift.<REGION>.amazonaws.com Amazon GameLift
glue.<REGION>.amazonaws.com AWS Glue
inspector.<REGION>.amazonaws.com Amazon Inspector
kafka.<REGION>.amazonaws.com Amazon Managed Streaming for Kafka
models.lex.<REGION>.amazonaws.com Amazon Lex
logs.<REGION>.amazonaws.com Amazon CloudWatch Logs
api.mediatailor.<REGION>.amazonaws.com AWS Elemental MediaTailor
mediaconnect.<REGION>.amazonaws.com AWS Elemental MediaConnect
mediapackage.<REGION>.amazonaws.com AWS Elemental MediaPackage Live
mediapackage-vod.<REGION>.amazonaws.com AWS Elemental MediaPackage Video on Demand
opsworks.<REGION>.amazonaws.com AWS OpsWorks
qldb.<REGION>.amazonaws.com Amazon QLDB
redshift.<REGION>.amazonaws.com Amazon Redshift
robomaker.<REGION>.amazonaws.com AWS RoboMaker
route53.amazonaws.com Amazon Route 53
route53resolver.<REGION>.amazonaws.com Amazon Route 53 Resolver
api.sagemaker.<REGION>.amazonaws.com Amazon SageMaker Endpoints, Amazon SageMaker Endpoint Instances
sns.<REGION>.amazonaws.com Amazon Simple Notification Service (SNS)
sqs.<REGION>.amazonaws.com Amazon Simple Queue Service (SQS)
storagegateway.<REGION>.amazonaws.com AWS Storage Gateway
swf.<REGION>.amazonaws.com Amazon SWF
transfer.<REGION>.amazonaws.com AWS Transfer Family
workmail.<REGION>.amazonaws.com Amazon WorkMail
workspaces.<REGION>.amazonaws.com Amazon WorkSpaces

This service monitors Amazon EC2 Auto Scaling. For this service you can see only instances with metrics.

Remember that if you have Amazon EC2 Auto Scaling service configured, you can’t have Amazon EC2 Auto Scaling (built-in) service turned on. To monitor extended metrics, you need to select Amazon EC2 Auto Scaling, otherwise Amazon EC2 Auto Scaling (built-in) will provide only a basic count of EC2 instances in the scaling group.

By default, Auto Scaling Group metrics aren't reported. To have them reported, you need to enable them in the AWS Auto Scaling Group console.

Enable monitoring

To learn how to enable service monitoring, see Enable service monitoring.

View service metrics

You can view the service metrics in your Dynatrace environment either on the custom device overview page or on your Dashboards page.

View metrics on the custom device overview page

To access the custom device overview page

  1. Go to Technologies Technologies & Processes Classic.
  2. Filter by service name and select the relevant custom device group.
  3. Once you select the custom device group, you're on the custom device group overview page.
  4. The custom device group overview page lists all instances (custom devices) belonging to the group. Select an instance to view the custom device overview page.

View metrics on your dashboard

After you add the service to monitoring, a preset dashboard containing all recommended metrics is automatically listed on your Dashboards page. To look for specific dashboards, filter by Preset and then by Name.

AWS presets

For existing monitored services, you might need to resave your credentials for the preset dashboard to appear on the Dashboards page. To resave your credentials, go to Settings > Cloud and virtualization > AWS, select the desired AWS instance, and then select Save.

You can't make changes on a preset dashboard directly, but you can clone and edit it. To clone a dashboard, open the browse menu (…) and select Clone.

To remove a dashboard from the dashboards page, you can hide it. To hide a dashboard, open the browse menu (…) and select Hide.

Hiding a dashboard doesn't affect other users.

Clone hide AWS

To check the availability of preset dashboards for each AWS service, see the list below.

Preset dashboard availability list

AWS service Preset dashboard
Amazon EC2 Auto Scaling (built-in) Not applicable
AWS Lambda (built-in) Not applicable
Amazon Application and Network Load Balancer (built-in) Not applicable
Amazon DynamoDB (built-in) Not applicable
Amazon EBS (built-in) Not applicable
Amazon EC2 (built-in) Not applicable
Amazon Elastic Load Balancer (ELB) (built-in) Not applicable
Amazon RDS (built-in) Not applicable
Amazon S3 (built-in) Not applicable
AWS Certificate Manager Private Certificate Authority Not applicable
All monitored Amazon services Not applicable
Amazon API Gateway Not applicable
AWS App Runner Not applicable
Amazon AppStream Applicable
AWS AppSync Applicable
Amazon Athena Applicable
Amazon Aurora Not applicable
Amazon EC2 Auto Scaling Applicable
AWS Billing Applicable
Amazon Keyspaces Applicable
AWS Chatbot Applicable
Amazon CloudFront Not applicable
AWS CloudHSM Applicable
Amazon CloudSearch Applicable
AWS CodeBuild Applicable
Amazon Cognito Not applicable
Amazon Connect Applicable
AWS DataSync Applicable
Amazon DynamoDB Accelerator (DAX) Applicable
AWS Database Migration Service (AWS DMS) Applicable
Amazon DocumentDB Applicable
AWS Direct Connect Applicable
Amazon DynamoDB Not applicable
Amazon EBS Not applicable
Amazon EC2 Spot Fleet Not applicable
Amazon EC2 API Applicable
Amazon Elastic Container Service (ECS) Not applicable
Amazon ECS Container Insights Applicable
Amazon Elastic File System (EFS) Not applicable
Amazon Elastic Kubernetes Service (EKS) Applicable
Amazon ElastiCache (EC) Not applicable
AWS Elastic Beanstalk Applicable
Amazon Elastic Inference Applicable
Amazon Elastic Transcoder Applicable
Amazon Elastic Map Reduce (EMR) Not applicable
Amazon Elasticsearch Service (ES) Not applicable
Amazon EventBridge Applicable
Amazon FSx Applicable
Amazon GameLift Applicable
AWS Glue Not applicable
Amazon Inspector Applicable
AWS Internet of Things (IoT) Not applicable
AWS IoT Things Graph Applicable
AWS IoT Analytics Applicable
Amazon Managed Streaming for Kafka Applicable
Amazon Kinesis Data Analytics Not applicable
Amazon Data Firehose Not applicable
Amazon Kinesis Data Streams Not applicable
Amazon Kinesis Video Streams Not applicable
AWS Lambda Not applicable
Amazon Lex Applicable
Amazon CloudWatch Logs Applicable
AWS Elemental MediaTailor Applicable
AWS Elemental MediaConnect Applicable
AWS Elemental MediaConvert Applicable
AWS Elemental MediaPackage Live Applicable
AWS Elemental MediaPackage Video on Demand Applicable
Amazon MQ Applicable
Amazon VPC NAT Gateways Not applicable
Amazon Neptune Applicable
AWS OpsWorks Applicable
Amazon Polly Applicable
Amazon QLDB Applicable
Amazon RDS Not applicable
Amazon Redshift Not applicable
Amazon Rekognition Applicable
AWS RoboMaker Applicable
Amazon Route 53 Applicable
Amazon Route 53 Resolver Applicable
Amazon S3 Not applicable
Amazon SageMaker Batch Transform Jobs Not applicable
Amazon SageMaker Endpoints Not applicable
Amazon SageMaker Endpoint Instances Not applicable
Amazon SageMaker Ground Truth Not applicable
Amazon SageMaker Processing Jobs Not applicable
Amazon SageMaker Training Jobs Not applicable
AWS Service Catalog Applicable
Amazon Simple Email Service (SES) Not applicable
Amazon Simple Notification Service (SNS) Not applicable
Amazon Simple Queue Service (SQS) Not applicable
AWS Systems Manager - Run Command Applicable
AWS Step Functions Applicable
AWS Storage Gateway Applicable
Amazon SWF Applicable
Amazon Textract Applicable
AWS Transfer Family Applicable
AWS Transit Gateway Applicable
Amazon Translate Applicable
AWS Trusted Advisor Applicable
AWS API Usage Applicable
AWS Site-to-Site VPN Applicable
AWS WAF Classic Applicable
AWS WAF Applicable
Amazon WorkMail Applicable
Amazon WorkSpaces Applicable

EC2

Available metrics

AutoScalingGroupName is the main dimension.

Name Description Unit Statistics Dimensions Recommended
GroupAndWarmPoolDesiredCapacity The desired capacity of the Auto Scaling group and the warm pool combined. Count Average AutoScalingGroupName
GroupAndWarmPoolTotalCapacity The total capacity of the Auto Scaling group and the warm pool combined. This includes instances that are running, stopped, pending, terminating, or in service. Count Average AutoScalingGroupName
GroupDesiredCapacity The number of instances that the Auto Scaling group attempts to maintain Count Average AutoScalingGroupName Applicable
GroupInServiceCapacity The number of capacity units that are running as part of the Auto Scaling group Count Average AutoScalingGroupName
GroupInServiceInstances The number of instances that are running as part of the Auto Scaling group. This metric does not include instances that are pending or terminating. Count Average AutoScalingGroupName Applicable
GroupMaxSize The maximum size of the Auto Scaling group Count Average AutoScalingGroupName Applicable
GroupMinSize The minimum size of the Auto Scaling group Count Average AutoScalingGroupName Applicable
GroupPendingCapacity The number of capacity units that are pending Count Average AutoScalingGroupName
GroupPendingInstances The number of instances that are pending. A pending instance is not yet in service. This metric does not include instances that are in service or terminating. Count Average AutoScalingGroupName Applicable
GroupStandbyCapacity The number of capacity units that are in a standby state Count Average AutoScalingGroupName
GroupStandbyInstances The number of instances that are in a standby state. Instances in this state are still running but are not actively in service. Count Average AutoScalingGroupName Applicable
GroupTerminatingCapacity The number of capacity units that are in the process of terminating Count Average AutoScalingGroupName
GroupTerminatingInstances The number of instances that are in the process of terminating. This metric does not include instances that are in service or pending. Count Average AutoScalingGroupName Applicable
GroupTotalCapacity The total number of capacity units in the Auto Scaling group Count Average AutoScalingGroupName
GroupTotalInstances The total number of instances in the Auto Scaling group. This metric identifies the number of instances that are in service, pending, and terminating. Count Average AutoScalingGroupName Applicable
WarmPoolDesiredCapacity The amount of capacity that Amazon EC2 Auto Scaling attempts to maintain in the warm pool. Count Average AutoScalingGroupName
WarmPoolMinSize The minimum size of the warm pool. Count Average AutoScalingGroupName
WarmPoolPendingCapacity The amount of capacity in the warm pool that is pending. This metric does not include instances that are running, stopped, or terminating. Count Average AutoScalingGroupName
WarmPoolTerminatingCapacity The amount of capacity in the warm pool that is in the process of terminating. This metric does not include instances that are running, stopped, or pending. Count Average AutoScalingGroupName
WarmPoolTotalCapacity The total capacity of the warm pool, including instances that are running, stopped, pending, or terminating. Count Average AutoScalingGroupName
WarmPoolWarmedCapacity The amount of capacity available to enter the Auto Scaling group during scale out. This metric does not include instances that are pending or terminating. Count Average AutoScalingGroupName

Limitations

Tagging isn't available for Amazon EC2 Auto Scaling.

Dynatrace entities of this AWS service are not enriched with the ARN property.


Source: cloudwatch-eks.md


title: Monitor Amazon Elastic Kubernetes Service (EKS) with CloudWatch metrics source: https://www.dynatrace.com/docs/ingest-from/amazon-web-services/integrate-with-aws/cloudwatch-metrics/cloudwatch-eks scraped: 2026-02-17T04:49:12.892224


Monitor Amazon Elastic Kubernetes Service (EKS) with CloudWatch metrics

Monitor Amazon Elastic Kubernetes Service (EKS) with CloudWatch metrics

  • How-to guide
  • 5-min read
  • Updated on Jun 20, 2022

Dynatrace ingests metrics for multiple preselected namespaces, including Amazon Elastic Kubernetes Service (EKS). You can view graphs per service instance, with a set of dimensions, and create custom graphs that you can pin to your dashboards.

Prerequisites

To enable monitoring for this service, you need

  • ActiveGate version 1.197+

  • For Dynatrace SaaS deployments, you need an Environment ActiveGate or a Multi-environment ActiveGate.

For role-based access in SaaS deployment, you need an Environment ActiveGate installed on an Amazon EC2 host.

JSON predefined policy for all supporting services

{



"Version": "2012-10-17",



"Statement": [



{



"Sid": "VisualEditor0",



"Effect": "Allow",



"Action": [



"acm-pca:ListCertificateAuthorities",



"apigateway:GET",



"apprunner:ListServices",



"appstream:DescribeFleets",



"appsync:ListGraphqlApis",



"athena:ListWorkGroups",



"autoscaling:DescribeAutoScalingGroups",



"cloudformation:ListStackResources",



"cloudfront:ListDistributions",



"cloudhsm:DescribeClusters",



"cloudsearch:DescribeDomains",



"cloudwatch:GetMetricData",



"cloudwatch:GetMetricStatistics",



"cloudwatch:ListMetrics",



"codebuild:ListProjects",



"datasync:ListTasks",



"dax:DescribeClusters",



"directconnect:DescribeConnections",



"dms:DescribeReplicationInstances",



"dynamodb:ListTables",



"dynamodb:ListTagsOfResource",



"ec2:DescribeAvailabilityZones",



"ec2:DescribeInstances",



"ec2:DescribeNatGateways",



"ec2:DescribeSpotFleetRequests",



"ec2:DescribeTransitGateways",



"ec2:DescribeVolumes",



"ec2:DescribeVpnConnections",



"ecs:ListClusters",



"eks:ListClusters",



"elasticache:DescribeCacheClusters",



"elasticbeanstalk:DescribeEnvironmentResources",



"elasticbeanstalk:DescribeEnvironments",



"elasticfilesystem:DescribeFileSystems",



"elasticloadbalancing:DescribeInstanceHealth",



"elasticloadbalancing:DescribeListeners",



"elasticloadbalancing:DescribeLoadBalancers",



"elasticloadbalancing:DescribeRules",



"elasticloadbalancing:DescribeTags",



"elasticloadbalancing:DescribeTargetHealth",



"elasticmapreduce:ListClusters",



"elastictranscoder:ListPipelines",



"es:ListDomainNames",



"events:ListEventBuses",



"firehose:ListDeliveryStreams",



"fsx:DescribeFileSystems",



"gamelift:ListFleets",



"glue:GetJobs",



"inspector:ListAssessmentTemplates",



"kafka:ListClusters",



"kinesis:ListStreams",



"kinesisanalytics:ListApplications",



"kinesisvideo:ListStreams",



"lambda:ListFunctions",



"lambda:ListTags",



"lex:GetBots",



"logs:DescribeLogGroups",



"mediaconnect:ListFlows",



"mediaconvert:DescribeEndpoints",



"mediapackage-vod:ListPackagingConfigurations",



"mediapackage:ListChannels",



"mediatailor:ListPlaybackConfigurations",



"opsworks:DescribeStacks",



"qldb:ListLedgers",



"rds:DescribeDBClusters",



"rds:DescribeDBInstances",



"rds:DescribeEvents",



"rds:ListTagsForResource",



"redshift:DescribeClusters",



"robomaker:ListSimulationJobs",



"route53:ListHostedZones",



"route53resolver:ListResolverEndpoints",



"s3:ListAllMyBuckets",



"sagemaker:ListEndpoints",



"sns:ListTopics",



"sqs:ListQueues",



"storagegateway:ListGateways",



"sts:GetCallerIdentity",



"swf:ListDomains",



"tag:GetResources",



"tag:GetTagKeys",



"transfer:ListServers",



"workmail:ListOrganizations",



"workspaces:DescribeWorkspaces"



],



"Resource": "*"



}



]



}

If you don't want to add permissions to all services, and just select permissions for certain services, consult the table below. The table contains a set of permissions that are required for All AWS cloud services and, for each supporting service, a list of optional permissions specific to that service.

Permissions required for AWS monitoring integration:

  • "cloudwatch:GetMetricData"
  • "cloudwatch:GetMetricStatistics"
  • "cloudwatch:ListMetrics"
  • "sts:GetCallerIdentity"
  • "tag:GetResources"
  • "tag:GetTagKeys"
  • "ec2:DescribeAvailabilityZones"

Complete list of permissions for cloud services

Name Permissions
All monitored Amazon services Required cloudwatch:GetMetricData, cloudwatch:GetMetricStatistics, cloudwatch:ListMetrics, sts:GetCallerIdentity, tag:GetResources, tag:GetTagKeys, ec2:DescribeAvailabilityZones
AWS Certificate Manager Private Certificate Authority acm-pca:ListCertificateAuthorities
Amazon MQ
Amazon API Gateway apigateway:GET
AWS App Runner apprunner:ListServices
Amazon AppStream appstream:DescribeFleets
AWS AppSync appsync:ListGraphqlApis
Amazon Athena athena:ListWorkGroups
Amazon Aurora rds:DescribeDBClusters
Amazon EC2 Auto Scaling autoscaling:DescribeAutoScalingGroups
Amazon EC2 Auto Scaling (built-in) autoscaling:DescribeAutoScalingGroups
AWS Billing
Amazon Keyspaces
AWS Chatbot
Amazon CloudFront cloudfront:ListDistributions
AWS CloudHSM cloudhsm:DescribeClusters
Amazon CloudSearch cloudsearch:DescribeDomains
AWS CodeBuild codebuild:ListProjects
Amazon Cognito
Amazon Connect
Amazon Elastic Kubernetes Service (EKS) eks:ListClusters
AWS DataSync datasync:ListTasks
Amazon DynamoDB Accelerator (DAX) dax:DescribeClusters
AWS Database Migration Service (AWS DMS) dms:DescribeReplicationInstances
Amazon DocumentDB rds:DescribeDBClusters
AWS Direct Connect directconnect:DescribeConnections
Amazon DynamoDB dynamodb:ListTables
Amazon DynamoDB (built-in) dynamodb:ListTables, dynamodb:ListTagsOfResource
Amazon EBS ec2:DescribeVolumes
Amazon EBS (built-in) ec2:DescribeVolumes
Amazon EC2 API
Amazon EC2 (built-in) ec2:DescribeInstances
Amazon EC2 Spot Fleet ec2:DescribeSpotFleetRequests
Amazon Elastic Container Service (ECS) ecs:ListClusters
Amazon ECS Container Insights ecs:ListClusters
Amazon ElastiCache (EC) elasticache:DescribeCacheClusters
AWS Elastic Beanstalk elasticbeanstalk:DescribeEnvironments
Amazon Elastic File System (EFS) elasticfilesystem:DescribeFileSystems
Amazon Elastic Inference
Amazon Elastic Map Reduce (EMR) elasticmapreduce:ListClusters
Amazon Elasticsearch Service (ES) es:ListDomainNames
Amazon Elastic Transcoder elastictranscoder:ListPipelines
Amazon Elastic Load Balancer (ELB) (built-in) elasticloadbalancing:DescribeInstanceHealth, elasticloadbalancing:DescribeListeners, elasticloadbalancing:DescribeLoadBalancers, elasticloadbalancing:DescribeRules, elasticloadbalancing:DescribeTags, elasticloadbalancing:DescribeTargetHealth
Amazon EventBridge events:ListEventBuses
Amazon FSx fsx:DescribeFileSystems
Amazon GameLift gamelift:ListFleets
AWS Glue glue:GetJobs
Amazon Inspector inspector:ListAssessmentTemplates
AWS Internet of Things (IoT)
AWS IoT Analytics
Amazon Managed Streaming for Kafka kafka:ListClusters
Amazon Kinesis Data Analytics kinesisanalytics:ListApplications
Amazon Data Firehose firehose:ListDeliveryStreams
Amazon Kinesis Data Streams kinesis:ListStreams
Amazon Kinesis Video Streams kinesisvideo:ListStreams
AWS Lambda lambda:ListFunctions
AWS Lambda (built-in) lambda:ListFunctions, lambda:ListTags
Amazon Lex lex:GetBots
Amazon Application and Network Load Balancer (built-in) elasticloadbalancing:DescribeInstanceHealth, elasticloadbalancing:DescribeListeners, elasticloadbalancing:DescribeLoadBalancers, elasticloadbalancing:DescribeRules, elasticloadbalancing:DescribeTags, elasticloadbalancing:DescribeTargetHealth
Amazon CloudWatch Logs logs:DescribeLogGroups
AWS Elemental MediaConnect mediaconnect:ListFlows
AWS Elemental MediaConvert mediaconvert:DescribeEndpoints
AWS Elemental MediaPackage Live mediapackage:ListChannels
AWS Elemental MediaPackage Video on Demand mediapackage-vod:ListPackagingConfigurations
AWS Elemental MediaTailor mediatailor:ListPlaybackConfigurations
Amazon VPC NAT Gateways ec2:DescribeNatGateways
Amazon Neptune rds:DescribeDBClusters
AWS OpsWorks opsworks:DescribeStacks
Amazon Polly
Amazon QLDB qldb:ListLedgers
Amazon RDS rds:DescribeDBInstances
Amazon RDS (built-in) rds:DescribeDBInstances, rds:DescribeEvents, rds:ListTagsForResource
Amazon Redshift redshift:DescribeClusters
Amazon Rekognition
AWS RoboMaker robomaker:ListSimulationJobs
Amazon Route 53 route53:ListHostedZones
Amazon Route 53 Resolver route53resolver:ListResolverEndpoints
Amazon S3 s3:ListAllMyBuckets
Amazon S3 (built-in) s3:ListAllMyBuckets
Amazon SageMaker Batch Transform Jobs
Amazon SageMaker Endpoint Instances sagemaker:ListEndpoints
Amazon SageMaker Endpoints sagemaker:ListEndpoints
Amazon SageMaker Ground Truth
Amazon SageMaker Processing Jobs
Amazon SageMaker Training Jobs
AWS Service Catalog
Amazon Simple Email Service (SES)
Amazon Simple Notification Service (SNS) sns:ListTopics
Amazon Simple Queue Service (SQS) sqs:ListQueues
AWS Systems Manager - Run Command
AWS Step Functions
AWS Storage Gateway storagegateway:ListGateways
Amazon SWF swf:ListDomains
Amazon Textract
AWS IoT Things Graph
AWS Transfer Family transfer:ListServers
AWS Transit Gateway ec2:DescribeTransitGateways
Amazon Translate
AWS Trusted Advisor
AWS API Usage
AWS Site-to-Site VPN ec2:DescribeVpnConnections
AWS WAF Classic
AWS WAF
Amazon WorkMail workmail:ListOrganizations
Amazon WorkSpaces workspaces:DescribeWorkspaces

Example of JSON policy for one single service.

JSON policy for Amazon API Gateway

{



"Version": "2012-10-17",



"Statement": [



{



"Sid": "VisualEditor0",



"Effect": "Allow",



"Action": [



"apigateway:GET",



"cloudwatch:GetMetricData",



"cloudwatch:GetMetricStatistics",



"cloudwatch:ListMetrics",



"sts:GetCallerIdentity",



"tag:GetResources",



"tag:GetTagKeys",



"ec2:DescribeAvailabilityZones"



],



"Resource": "*"



}



]



}

In this example, from the complete list of permissions you need to select

  • "apigateway:GET" for Amazon API Gateway
  • "cloudwatch:GetMetricData", "cloudwatch:GetMetricStatistics", "cloudwatch:ListMetrics", "sts:GetCallerIdentity", "tag:GetResources", "tag:GetTagKeys", and "ec2:DescribeAvailabilityZones" for All AWS cloud services.

  • Set up Container Insights on Amazon EKS or Kubernetes.

AWS endpoints that need to be reachable from ActiveGate with corresponding AWS services

Endpoint Service
autoscaling.<REGION>.amazonaws.com Amazon EC2 Auto Scaling (built-in), Amazon EC2 Auto Scaling
lambda.<REGION>.amazonaws.com AWS Lambda (built-in), AWS Lambda
elasticloadbalancing.<REGION>.amazonaws.com Amazon Application and Network Load Balancer (built-in), Amazon Elastic Load Balancer (ELB) (built-in)
dynamodb.<REGION>.amazonaws.com Amazon DynamoDB (built-in), Amazon DynamoDB
ec2.<REGION>.amazonaws.com Amazon EBS (built-in), Amazon EC2 (built-in), Amazon EBS, Amazon EC2 Spot Fleet, Amazon VPC NAT Gateways, AWS Transit Gateway, AWS Site-to-Site VPN
rds.<REGION>.amazonaws.com Amazon RDS (built-in), Amazon Aurora, Amazon DocumentDB, Amazon Neptune, Amazon RDS
s3.<REGION>.amazonaws.com Amazon S3 (built-in)
acm-pca.<REGION>.amazonaws.com AWS Certificate Manager Private Certificate Authority
apigateway.<REGION>.amazonaws.com Amazon API Gateway
apprunner.<REGION>.amazonaws.com AWS App Runner
appstream2.<REGION>.amazonaws.com Amazon AppStream
appsync.<REGION>.amazonaws.com AWS AppSync
athena.<REGION>.amazonaws.com Amazon Athena
cloudfront.amazonaws.com Amazon CloudFront
cloudhsmv2.<REGION>.amazonaws.com AWS CloudHSM
cloudsearch.<REGION>.amazonaws.com Amazon CloudSearch
codebuild.<REGION>.amazonaws.com AWS CodeBuild
datasync.<REGION>.amazonaws.com AWS DataSync
dax.<REGION>.amazonaws.com Amazon DynamoDB Accelerator (DAX)
dms.<REGION>.amazonaws.com AWS Database Migration Service (AWS DMS)
directconnect.<REGION>.amazonaws.com AWS Direct Connect
ecs.<REGION>.amazonaws.com Amazon Elastic Container Service (ECS), Amazon ECS Container Insights
elasticfilesystem.<REGION>.amazonaws.com Amazon Elastic File System (EFS)
eks.<REGION>.amazonaws.com Amazon Elastic Kubernetes Service (EKS)
elasticache.<REGION>.amazonaws.com Amazon ElastiCache (EC)
elasticbeanstalk.<REGION>.amazonaws.com AWS Elastic Beanstalk
elastictranscoder.<REGION>.amazonaws.com Amazon Elastic Transcoder
es.<REGION>.amazonaws.com Amazon Elasticsearch Service (ES)
events.<REGION>.amazonaws.com Amazon EventBridge
fsx.<REGION>.amazonaws.com Amazon FSx
gamelift.<REGION>.amazonaws.com Amazon GameLift
glue.<REGION>.amazonaws.com AWS Glue
inspector.<REGION>.amazonaws.com Amazon Inspector
kafka.<REGION>.amazonaws.com Amazon Managed Streaming for Kafka
models.lex.<REGION>.amazonaws.com Amazon Lex
logs.<REGION>.amazonaws.com Amazon CloudWatch Logs
api.mediatailor.<REGION>.amazonaws.com AWS Elemental MediaTailor
mediaconnect.<REGION>.amazonaws.com AWS Elemental MediaConnect
mediapackage.<REGION>.amazonaws.com AWS Elemental MediaPackage Live
mediapackage-vod.<REGION>.amazonaws.com AWS Elemental MediaPackage Video on Demand
opsworks.<REGION>.amazonaws.com AWS OpsWorks
qldb.<REGION>.amazonaws.com Amazon QLDB
redshift.<REGION>.amazonaws.com Amazon Redshift
robomaker.<REGION>.amazonaws.com AWS RoboMaker
route53.amazonaws.com Amazon Route 53
route53resolver.<REGION>.amazonaws.com Amazon Route 53 Resolver
api.sagemaker.<REGION>.amazonaws.com Amazon SageMaker Endpoints, Amazon SageMaker Endpoint Instances
sns.<REGION>.amazonaws.com Amazon Simple Notification Service (SNS)
sqs.<REGION>.amazonaws.com Amazon Simple Queue Service (SQS)
storagegateway.<REGION>.amazonaws.com AWS Storage Gateway
swf.<REGION>.amazonaws.com Amazon SWF
transfer.<REGION>.amazonaws.com AWS Transfer Family
workmail.<REGION>.amazonaws.com Amazon WorkMail
workspaces.<REGION>.amazonaws.com Amazon WorkSpaces

Container Insights needs to be set up on a cluster to have metrics reported. For details, see the AWS documentation.

Enable monitoring

To learn how to enable service monitoring, see Enable service monitoring.

View service metrics

You can view the service metrics in your Dynatrace environment either on the custom device overview page or on your Dashboards page.

View metrics on the custom device overview page

To access the custom device overview page

  1. Go to Technologies Technologies & Processes Classic.
  2. Filter by service name and select the relevant custom device group.
  3. Once you select the custom device group, you're on the custom device group overview page.
  4. The custom device group overview page lists all instances (custom devices) belonging to the group. Select an instance to view the custom device overview page.

View metrics on your dashboard

After you add the service to monitoring, a preset dashboard containing all recommended metrics is automatically listed on your Dashboards page. To look for specific dashboards, filter by Preset and then by Name.

AWS presets

For existing monitored services, you might need to resave your credentials for the preset dashboard to appear on the Dashboards page. To resave your credentials, go to Settings > Cloud and virtualization > AWS, select the desired AWS instance, and then select Save.

You can't make changes on a preset dashboard directly, but you can clone and edit it. To clone a dashboard, open the browse menu (…) and select Clone.

To remove a dashboard from the dashboards page, you can hide it. To hide a dashboard, open the browse menu (…) and select Hide.

Hiding a dashboard doesn't affect other users.

Clone hide AWS

To check the availability of preset dashboards for each AWS service, see the list below.

Preset dashboard availability list

AWS service Preset dashboard
Amazon EC2 Auto Scaling (built-in) Not applicable
AWS Lambda (built-in) Not applicable
Amazon Application and Network Load Balancer (built-in) Not applicable
Amazon DynamoDB (built-in) Not applicable
Amazon EBS (built-in) Not applicable
Amazon EC2 (built-in) Not applicable
Amazon Elastic Load Balancer (ELB) (built-in) Not applicable
Amazon RDS (built-in) Not applicable
Amazon S3 (built-in) Not applicable
AWS Certificate Manager Private Certificate Authority Not applicable
All monitored Amazon services Not applicable
Amazon API Gateway Not applicable
AWS App Runner Not applicable
Amazon AppStream Applicable
AWS AppSync Applicable
Amazon Athena Applicable
Amazon Aurora Not applicable
Amazon EC2 Auto Scaling Applicable
AWS Billing Applicable
Amazon Keyspaces Applicable
AWS Chatbot Applicable
Amazon CloudFront Not applicable
AWS CloudHSM Applicable
Amazon CloudSearch Applicable
AWS CodeBuild Applicable
Amazon Cognito Not applicable
Amazon Connect Applicable
AWS DataSync Applicable
Amazon DynamoDB Accelerator (DAX) Applicable
AWS Database Migration Service (AWS DMS) Applicable
Amazon DocumentDB Applicable
AWS Direct Connect Applicable
Amazon DynamoDB Not applicable
Amazon EBS Not applicable
Amazon EC2 Spot Fleet Not applicable
Amazon EC2 API Applicable
Amazon Elastic Container Service (ECS) Not applicable
Amazon ECS Container Insights Applicable
Amazon Elastic File System (EFS) Not applicable
Amazon Elastic Kubernetes Service (EKS) Applicable
Amazon ElastiCache (EC) Not applicable
AWS Elastic Beanstalk Applicable
Amazon Elastic Inference Applicable
Amazon Elastic Transcoder Applicable
Amazon Elastic Map Reduce (EMR) Not applicable
Amazon Elasticsearch Service (ES) Not applicable
Amazon EventBridge Applicable
Amazon FSx Applicable
Amazon GameLift Applicable
AWS Glue Not applicable
Amazon Inspector Applicable
AWS Internet of Things (IoT) Not applicable
AWS IoT Things Graph Applicable
AWS IoT Analytics Applicable
Amazon Managed Streaming for Kafka Applicable
Amazon Kinesis Data Analytics Not applicable
Amazon Data Firehose Not applicable
Amazon Kinesis Data Streams Not applicable
Amazon Kinesis Video Streams Not applicable
AWS Lambda Not applicable
Amazon Lex Applicable
Amazon CloudWatch Logs Applicable
AWS Elemental MediaTailor Applicable
AWS Elemental MediaConnect Applicable
AWS Elemental MediaConvert Applicable
AWS Elemental MediaPackage Live Applicable
AWS Elemental MediaPackage Video on Demand Applicable
Amazon MQ Applicable
Amazon VPC NAT Gateways Not applicable
Amazon Neptune Applicable
AWS OpsWorks Applicable
Amazon Polly Applicable
Amazon QLDB Applicable
Amazon RDS Not applicable
Amazon Redshift Not applicable
Amazon Rekognition Applicable
AWS RoboMaker Applicable
Amazon Route 53 Applicable
Amazon Route 53 Resolver Applicable
Amazon S3 Not applicable
Amazon SageMaker Batch Transform Jobs Not applicable
Amazon SageMaker Endpoints Not applicable
Amazon SageMaker Endpoint Instances Not applicable
Amazon SageMaker Ground Truth Not applicable
Amazon SageMaker Processing Jobs Not applicable
Amazon SageMaker Training Jobs Not applicable
AWS Service Catalog Applicable
Amazon Simple Email Service (SES) Not applicable
Amazon Simple Notification Service (SNS) Not applicable
Amazon Simple Queue Service (SQS) Not applicable
AWS Systems Manager - Run Command Applicable
AWS Step Functions Applicable
AWS Storage Gateway Applicable
Amazon SWF Applicable
Amazon Textract Applicable
AWS Transfer Family Applicable
AWS Transit Gateway Applicable
Amazon Translate Applicable
AWS Trusted Advisor Applicable
AWS API Usage Applicable
AWS Site-to-Site VPN Applicable
AWS WAF Classic Applicable
AWS WAF Applicable
Amazon WorkMail Applicable
Amazon WorkSpaces Applicable

Eks dash

Available metrics

Name Description Unit Statistics Dimensions Recommended
cluster_failed_node_count The number of failed worker nodes in the cluster Count Average ClusterName Applicable
cluster_node_count The total number of worker nodes in the cluster Count Average ClusterName Applicable
namespace_number_of_running_pods The number of pods running per namespace in the resource that is specified by the dimensions that you're using Count Average ClusterName, Namespace Applicable
node_cpu_limit The maximum number of CPU units that can be assigned to a single node in this cluster None Multi ClusterName Applicable
node_cpu_reserved_capacity The percentage of CPU units that are reserved for node components, such as kubelet, kube-proxy, and Docker Percent Multi ClusterName, InstanceId, NodeName
node_cpu_reserved_capacity Percent Multi ClusterName Applicable
node_cpu_usage_total The number of CPU units being used on the nodes in the cluster None Multi ClusterName Applicable
node_cpu_utilization The total percentage of CPU units being used on the nodes in the cluster Percent Multi ClusterName, InstanceId, NodeName Applicable
node_cpu_utilization Percent Multi ClusterName
node_filesystem_utilization The total percentage of file system capacity being used on nodes in the cluster Percent Multi ClusterName, InstanceId, NodeName Applicable
node_filesystem_utilization Percent Multi ClusterName
node_memory_limit The maximum amount of memory, in bytes, that can be assigned to a single node in this cluster Bytes Multi ClusterName Applicable
node_memory_reserved_capacity The percentage of memory currently being used on the nodes in the cluster Percent Multi ClusterName, InstanceId, NodeName
node_memory_reserved_capacity Percent Multi ClusterName Applicable
node_memory_utilization The percentage of memory currently being used by the node or nodes Percent Multi ClusterName, InstanceId, NodeName Applicable
node_memory_utilization Percent Multi ClusterName
node_memory_working_set The amount of memory, in bytes, being used in the working set of the nodes in the cluster Bytes Multi ClusterName Applicable
node_network_total_bytes The total number of bytes per second transmitted and received over the network per node in a cluster Bytes/Second Multi ClusterName, InstanceId, NodeName Applicable
node_network_total_bytes Bytes/Second Multi ClusterName Applicable
node_number_of_running_containers The number of running containers per node in a cluster Count Average ClusterName, InstanceId, NodeName Applicable
node_number_of_running_containers Count Average ClusterName
node_number_of_running_pods The number of running pods per node in a cluster Count Average ClusterName, InstanceId, NodeName Applicable
node_number_of_running_pods Count Average ClusterName
pod_cpu_reserved_capacity The CPU capacity that is reserved per pod in a cluster Percent Multi ClusterName, Namespace, PodName
pod_cpu_reserved_capacity Percent Multi ClusterName
pod_cpu_utilization The percentage of CPU units being used by pods Percent Multi ClusterName, Namespace Applicable
pod_cpu_utilization Percent Multi ClusterName, Namespace, PodName
pod_cpu_utilization Percent Multi ClusterName
pod_cpu_utilization_over_pod_limit The percentage of CPU units being used by pods that is over the pod limit Percent Multi ClusterName, Namespace
pod_cpu_utilization_over_pod_limit Percent Multi ClusterName, Namespace, PodName Applicable
pod_cpu_utilization_over_pod_limit Percent Multi ClusterName
pod_memory_reserved_capacity The percentage of memory that is reserved for pods Percent Multi ClusterName, Namespace, PodName
pod_memory_reserved_capacity Percent Multi ClusterName
pod_memory_utilization The percentage of memory currently being used by the pod or pods Percent Multi ClusterName, Namespace Applicable
pod_memory_utilization Percent Multi ClusterName, Namespace, PodName
pod_memory_utilization Percent Multi ClusterName
pod_memory_utilization_over_pod_limit The percentage of memory that is being used by pods that is over the pod limit Percent Multi ClusterName, Namespace
pod_memory_utilization_over_pod_limit Percent Multi ClusterName, Namespace, PodName Applicable
pod_memory_utilization_over_pod_limit Percent Multi ClusterName
pod_network_rx_bytes The number of bytes per second being received over the network by the pod Bytes/Second Multi ClusterName, Namespace
pod_network_rx_bytes Bytes/Second Multi ClusterName, Namespace, PodName Applicable
pod_network_rx_bytes Bytes/Second Multi ClusterName
pod_network_tx_bytes The number of bytes per second being transmitted over the network by the pod Bytes/Second Multi ClusterName, Namespace
pod_network_tx_bytes Bytes/Second Multi ClusterName, Namespace, PodName Applicable
pod_network_tx_bytes Bytes/Second Multi ClusterName
pod_number_of_container_restarts The total number of container restarts in a pod Count Sum ClusterName, Namespace, PodName Applicable
service_number_of_running_pods The number of pods running the service or services in the cluster Count Average ClusterName, Namespace, Service
service_number_of_running_pods Count Average ClusterName

Source: cloudwatch-elastic-beanstalk.md


title: Monitor AWS Elastic Beanstalk with CloudWatch metrics source: https://www.dynatrace.com/docs/ingest-from/amazon-web-services/integrate-with-aws/cloudwatch-metrics/cloudwatch-elastic-beanstalk scraped: 2026-02-16T21:28:03.332746


Monitor AWS Elastic Beanstalk with CloudWatch metrics

Monitor AWS Elastic Beanstalk with CloudWatch metrics

  • How-to guide
  • 6-min read
  • Published Sep 08, 2020

Dynatrace ingests metrics for multiple preselected namespaces, including AWS Elastic Beanstalk. You can view metrics for each service instance, split metrics into multiple dimensions, and create custom charts that you can pin to your dashboards.

Prerequisites

To enable monitoring for this service, you need

  • ActiveGate version 1.197+

  • For Dynatrace SaaS deployments, you need an Environment ActiveGate or a Multi-environment ActiveGate.

For role-based access in a SaaS deployment, you need an Environment ActiveGate installed on an Amazon EC2 host.

To update the AWS IAM policy, use the JSON below, containing the monitoring policy (permissions) for all supporting services.

JSON predefined policy for all supporting services

{



"Version": "2012-10-17",



"Statement": [



{



"Sid": "VisualEditor0",



"Effect": "Allow",



"Action": [



"acm-pca:ListCertificateAuthorities",



"apigateway:GET",



"apprunner:ListServices",



"appstream:DescribeFleets",



"appsync:ListGraphqlApis",



"athena:ListWorkGroups",



"autoscaling:DescribeAutoScalingGroups",



"cloudformation:ListStackResources",



"cloudfront:ListDistributions",



"cloudhsm:DescribeClusters",



"cloudsearch:DescribeDomains",



"cloudwatch:GetMetricData",



"cloudwatch:GetMetricStatistics",



"cloudwatch:ListMetrics",



"codebuild:ListProjects",



"datasync:ListTasks",



"dax:DescribeClusters",



"directconnect:DescribeConnections",



"dms:DescribeReplicationInstances",



"dynamodb:ListTables",



"dynamodb:ListTagsOfResource",



"ec2:DescribeAvailabilityZones",



"ec2:DescribeInstances",



"ec2:DescribeNatGateways",



"ec2:DescribeSpotFleetRequests",



"ec2:DescribeTransitGateways",



"ec2:DescribeVolumes",



"ec2:DescribeVpnConnections",



"ecs:ListClusters",



"eks:ListClusters",



"elasticache:DescribeCacheClusters",



"elasticbeanstalk:DescribeEnvironmentResources",



"elasticbeanstalk:DescribeEnvironments",



"elasticfilesystem:DescribeFileSystems",



"elasticloadbalancing:DescribeInstanceHealth",



"elasticloadbalancing:DescribeListeners",



"elasticloadbalancing:DescribeLoadBalancers",



"elasticloadbalancing:DescribeRules",



"elasticloadbalancing:DescribeTags",



"elasticloadbalancing:DescribeTargetHealth",



"elasticmapreduce:ListClusters",



"elastictranscoder:ListPipelines",



"es:ListDomainNames",



"events:ListEventBuses",



"firehose:ListDeliveryStreams",



"fsx:DescribeFileSystems",



"gamelift:ListFleets",



"glue:GetJobs",



"inspector:ListAssessmentTemplates",



"kafka:ListClusters",



"kinesis:ListStreams",



"kinesisanalytics:ListApplications",



"kinesisvideo:ListStreams",



"lambda:ListFunctions",



"lambda:ListTags",



"lex:GetBots",



"logs:DescribeLogGroups",



"mediaconnect:ListFlows",



"mediaconvert:DescribeEndpoints",



"mediapackage-vod:ListPackagingConfigurations",



"mediapackage:ListChannels",



"mediatailor:ListPlaybackConfigurations",



"opsworks:DescribeStacks",



"qldb:ListLedgers",



"rds:DescribeDBClusters",



"rds:DescribeDBInstances",



"rds:DescribeEvents",



"rds:ListTagsForResource",



"redshift:DescribeClusters",



"robomaker:ListSimulationJobs",



"route53:ListHostedZones",



"route53resolver:ListResolverEndpoints",



"s3:ListAllMyBuckets",



"sagemaker:ListEndpoints",



"sns:ListTopics",



"sqs:ListQueues",



"storagegateway:ListGateways",



"sts:GetCallerIdentity",



"swf:ListDomains",



"tag:GetResources",



"tag:GetTagKeys",



"transfer:ListServers",



"workmail:ListOrganizations",



"workspaces:DescribeWorkspaces"



],



"Resource": "*"



}



]



}

If you don't want to add permissions to all services, and just select permissions for certain services, consult the table below. The table contains a set of permissions that are required for All AWS cloud services and, for each supporting service, a list of optional permissions specific to that service.

Permissions required for AWS monitoring integration:

  • "cloudwatch:GetMetricData"
  • "cloudwatch:GetMetricStatistics"
  • "cloudwatch:ListMetrics"
  • "sts:GetCallerIdentity"
  • "tag:GetResources"
  • "tag:GetTagKeys"
  • "ec2:DescribeAvailabilityZones"

Complete list of permissions for cloud services

Name Permissions
All monitored Amazon services Required cloudwatch:GetMetricData, cloudwatch:GetMetricStatistics, cloudwatch:ListMetrics, sts:GetCallerIdentity, tag:GetResources, tag:GetTagKeys, ec2:DescribeAvailabilityZones
AWS Certificate Manager Private Certificate Authority acm-pca:ListCertificateAuthorities
Amazon MQ
Amazon API Gateway apigateway:GET
AWS App Runner apprunner:ListServices
Amazon AppStream appstream:DescribeFleets
AWS AppSync appsync:ListGraphqlApis
Amazon Athena athena:ListWorkGroups
Amazon Aurora rds:DescribeDBClusters
Amazon EC2 Auto Scaling autoscaling:DescribeAutoScalingGroups
Amazon EC2 Auto Scaling (built-in) autoscaling:DescribeAutoScalingGroups
AWS Billing
Amazon Keyspaces
AWS Chatbot
Amazon CloudFront cloudfront:ListDistributions
AWS CloudHSM cloudhsm:DescribeClusters
Amazon CloudSearch cloudsearch:DescribeDomains
AWS CodeBuild codebuild:ListProjects
Amazon Cognito
Amazon Connect
Amazon Elastic Kubernetes Service (EKS) eks:ListClusters
AWS DataSync datasync:ListTasks
Amazon DynamoDB Accelerator (DAX) dax:DescribeClusters
AWS Database Migration Service (AWS DMS) dms:DescribeReplicationInstances
Amazon DocumentDB rds:DescribeDBClusters
AWS Direct Connect directconnect:DescribeConnections
Amazon DynamoDB dynamodb:ListTables
Amazon DynamoDB (built-in) dynamodb:ListTables, dynamodb:ListTagsOfResource
Amazon EBS ec2:DescribeVolumes
Amazon EBS (built-in) ec2:DescribeVolumes
Amazon EC2 API
Amazon EC2 (built-in) ec2:DescribeInstances
Amazon EC2 Spot Fleet ec2:DescribeSpotFleetRequests
Amazon Elastic Container Service (ECS) ecs:ListClusters
Amazon ECS Container Insights ecs:ListClusters
Amazon ElastiCache (EC) elasticache:DescribeCacheClusters
AWS Elastic Beanstalk elasticbeanstalk:DescribeEnvironments
Amazon Elastic File System (EFS) elasticfilesystem:DescribeFileSystems
Amazon Elastic Inference
Amazon Elastic Map Reduce (EMR) elasticmapreduce:ListClusters
Amazon Elasticsearch Service (ES) es:ListDomainNames
Amazon Elastic Transcoder elastictranscoder:ListPipelines
Amazon Elastic Load Balancer (ELB) (built-in) elasticloadbalancing:DescribeInstanceHealth, elasticloadbalancing:DescribeListeners, elasticloadbalancing:DescribeLoadBalancers, elasticloadbalancing:DescribeRules, elasticloadbalancing:DescribeTags, elasticloadbalancing:DescribeTargetHealth
Amazon EventBridge events:ListEventBuses
Amazon FSx fsx:DescribeFileSystems
Amazon GameLift gamelift:ListFleets
AWS Glue glue:GetJobs
Amazon Inspector inspector:ListAssessmentTemplates
AWS Internet of Things (IoT)
AWS IoT Analytics
Amazon Managed Streaming for Kafka kafka:ListClusters
Amazon Kinesis Data Analytics kinesisanalytics:ListApplications
Amazon Data Firehose firehose:ListDeliveryStreams
Amazon Kinesis Data Streams kinesis:ListStreams
Amazon Kinesis Video Streams kinesisvideo:ListStreams
AWS Lambda lambda:ListFunctions
AWS Lambda (built-in) lambda:ListFunctions, lambda:ListTags
Amazon Lex lex:GetBots
Amazon Application and Network Load Balancer (built-in) elasticloadbalancing:DescribeInstanceHealth, elasticloadbalancing:DescribeListeners, elasticloadbalancing:DescribeLoadBalancers, elasticloadbalancing:DescribeRules, elasticloadbalancing:DescribeTags, elasticloadbalancing:DescribeTargetHealth
Amazon CloudWatch Logs logs:DescribeLogGroups
AWS Elemental MediaConnect mediaconnect:ListFlows
AWS Elemental MediaConvert mediaconvert:DescribeEndpoints
AWS Elemental MediaPackage Live mediapackage:ListChannels
AWS Elemental MediaPackage Video on Demand mediapackage-vod:ListPackagingConfigurations
AWS Elemental MediaTailor mediatailor:ListPlaybackConfigurations
Amazon VPC NAT Gateways ec2:DescribeNatGateways
Amazon Neptune rds:DescribeDBClusters
AWS OpsWorks opsworks:DescribeStacks
Amazon Polly
Amazon QLDB qldb:ListLedgers
Amazon RDS rds:DescribeDBInstances
Amazon RDS (built-in) rds:DescribeDBInstances, rds:DescribeEvents, rds:ListTagsForResource
Amazon Redshift redshift:DescribeClusters
Amazon Rekognition
AWS RoboMaker robomaker:ListSimulationJobs
Amazon Route 53 route53:ListHostedZones
Amazon Route 53 Resolver route53resolver:ListResolverEndpoints
Amazon S3 s3:ListAllMyBuckets
Amazon S3 (built-in) s3:ListAllMyBuckets
Amazon SageMaker Batch Transform Jobs
Amazon SageMaker Endpoint Instances sagemaker:ListEndpoints
Amazon SageMaker Endpoints sagemaker:ListEndpoints
Amazon SageMaker Ground Truth
Amazon SageMaker Processing Jobs
Amazon SageMaker Training Jobs
AWS Service Catalog
Amazon Simple Email Service (SES)
Amazon Simple Notification Service (SNS) sns:ListTopics
Amazon Simple Queue Service (SQS) sqs:ListQueues
AWS Systems Manager - Run Command
AWS Step Functions
AWS Storage Gateway storagegateway:ListGateways
Amazon SWF swf:ListDomains
Amazon Textract
AWS IoT Things Graph
AWS Transfer Family transfer:ListServers
AWS Transit Gateway ec2:DescribeTransitGateways
Amazon Translate
AWS Trusted Advisor
AWS API Usage
AWS Site-to-Site VPN ec2:DescribeVpnConnections
AWS WAF Classic
AWS WAF
Amazon WorkMail workmail:ListOrganizations
Amazon WorkSpaces workspaces:DescribeWorkspaces

Example of JSON policy for one single service.

JSON policy for Amazon API Gateway

{



"Version": "2012-10-17",



"Statement": [



{



"Sid": "VisualEditor0",



"Effect": "Allow",



"Action": [



"apigateway:GET",



"cloudwatch:GetMetricData",



"cloudwatch:GetMetricStatistics",



"cloudwatch:ListMetrics",



"sts:GetCallerIdentity",



"tag:GetResources",



"tag:GetTagKeys",



"ec2:DescribeAvailabilityZones"



],



"Resource": "*"



}



]



}

In this example, from the complete list of permissions you need to select

  • "apigateway:GET" for Amazon API Gateway
  • "cloudwatch:GetMetricData", "cloudwatch:GetMetricStatistics", "cloudwatch:ListMetrics", "sts:GetCallerIdentity", "tag:GetResources", "tag:GetTagKeys", and "ec2:DescribeAvailabilityZones" for All AWS cloud services.

Install OneAgent Optional

To install and customize OneAgent, see Deploy OneAgent on AWS Elastic Beanstalk.

AWS endpoints that need to be reachable from ActiveGate with corresponding AWS services

Endpoint Service
autoscaling.<REGION>.amazonaws.com Amazon EC2 Auto Scaling (built-in), Amazon EC2 Auto Scaling
lambda.<REGION>.amazonaws.com AWS Lambda (built-in), AWS Lambda
elasticloadbalancing.<REGION>.amazonaws.com Amazon Application and Network Load Balancer (built-in), Amazon Elastic Load Balancer (ELB) (built-in)
dynamodb.<REGION>.amazonaws.com Amazon DynamoDB (built-in), Amazon DynamoDB
ec2.<REGION>.amazonaws.com Amazon EBS (built-in), Amazon EC2 (built-in), Amazon EBS, Amazon EC2 Spot Fleet, Amazon VPC NAT Gateways, AWS Transit Gateway, AWS Site-to-Site VPN
rds.<REGION>.amazonaws.com Amazon RDS (built-in), Amazon Aurora, Amazon DocumentDB, Amazon Neptune, Amazon RDS
s3.<REGION>.amazonaws.com Amazon S3 (built-in)
acm-pca.<REGION>.amazonaws.com AWS Certificate Manager Private Certificate Authority
apigateway.<REGION>.amazonaws.com Amazon API Gateway
apprunner.<REGION>.amazonaws.com AWS App Runner
appstream2.<REGION>.amazonaws.com Amazon AppStream
appsync.<REGION>.amazonaws.com AWS AppSync
athena.<REGION>.amazonaws.com Amazon Athena
cloudfront.amazonaws.com Amazon CloudFront
cloudhsmv2.<REGION>.amazonaws.com AWS CloudHSM
cloudsearch.<REGION>.amazonaws.com Amazon CloudSearch
codebuild.<REGION>.amazonaws.com AWS CodeBuild
datasync.<REGION>.amazonaws.com AWS DataSync
dax.<REGION>.amazonaws.com Amazon DynamoDB Accelerator (DAX)
dms.<REGION>.amazonaws.com AWS Database Migration Service (AWS DMS)
directconnect.<REGION>.amazonaws.com AWS Direct Connect
ecs.<REGION>.amazonaws.com Amazon Elastic Container Service (ECS), Amazon ECS Container Insights
elasticfilesystem.<REGION>.amazonaws.com Amazon Elastic File System (EFS)
eks.<REGION>.amazonaws.com Amazon Elastic Kubernetes Service (EKS)
elasticache.<REGION>.amazonaws.com Amazon ElastiCache (EC)
elasticbeanstalk.<REGION>.amazonaws.com AWS Elastic Beanstalk
elastictranscoder.<REGION>.amazonaws.com Amazon Elastic Transcoder
es.<REGION>.amazonaws.com Amazon Elasticsearch Service (ES)
events.<REGION>.amazonaws.com Amazon EventBridge
fsx.<REGION>.amazonaws.com Amazon FSx
gamelift.<REGION>.amazonaws.com Amazon GameLift
glue.<REGION>.amazonaws.com AWS Glue
inspector.<REGION>.amazonaws.com Amazon Inspector
kafka.<REGION>.amazonaws.com Amazon Managed Streaming for Kafka
models.lex.<REGION>.amazonaws.com Amazon Lex
logs.<REGION>.amazonaws.com Amazon CloudWatch Logs
api.mediatailor.<REGION>.amazonaws.com AWS Elemental MediaTailor
mediaconnect.<REGION>.amazonaws.com AWS Elemental MediaConnect
mediapackage.<REGION>.amazonaws.com AWS Elemental MediaPackage Live
mediapackage-vod.<REGION>.amazonaws.com AWS Elemental MediaPackage Video on Demand
opsworks.<REGION>.amazonaws.com AWS OpsWorks
qldb.<REGION>.amazonaws.com Amazon QLDB
redshift.<REGION>.amazonaws.com Amazon Redshift
robomaker.<REGION>.amazonaws.com AWS RoboMaker
route53.amazonaws.com Amazon Route 53
route53resolver.<REGION>.amazonaws.com Amazon Route 53 Resolver
api.sagemaker.<REGION>.amazonaws.com Amazon SageMaker Endpoints, Amazon SageMaker Endpoint Instances
sns.<REGION>.amazonaws.com Amazon Simple Notification Service (SNS)
sqs.<REGION>.amazonaws.com Amazon Simple Queue Service (SQS)
storagegateway.<REGION>.amazonaws.com AWS Storage Gateway
swf.<REGION>.amazonaws.com Amazon SWF
transfer.<REGION>.amazonaws.com AWS Transfer Family
workmail.<REGION>.amazonaws.com Amazon WorkMail
workspaces.<REGION>.amazonaws.com Amazon WorkSpaces

Enable monitoring

To learn how to enable service monitoring, see Enable service monitoring.

View service metrics

You can view the service metrics in your Dynatrace environment either on the custom device overview page or on your Dashboards page.

View metrics on the custom device overview page

To access the custom device overview page

  1. Go to Technologies Technologies & Processes Classic.
  2. Filter by service name and select the relevant custom device group.
  3. Once you select the custom device group, you're on the custom device group overview page.
  4. The custom device group overview page lists all instances (custom devices) belonging to the group. Select an instance to view the custom device overview page.

View metrics on your dashboard

After you add the service to monitoring, a preset dashboard containing all recommended metrics is automatically listed on your Dashboards page. To look for specific dashboards, filter by Preset and then by Name.

AWS presets

For existing monitored services, you might need to resave your credentials for the preset dashboard to appear on the Dashboards page. To resave your credentials, go to Settings > Cloud and virtualization > AWS, select the desired AWS instance, and then select Save.

You can't make changes on a preset dashboard directly, but you can clone and edit it. To clone a dashboard, open the browse menu (…) and select Clone.

To remove a dashboard from the dashboards page, you can hide it. To hide a dashboard, open the browse menu (…) and select Hide.

Hiding a dashboard doesn't affect other users.

Clone hide AWS

To check the availability of preset dashboards for each AWS service, see the list below.

Preset dashboard availability list

AWS service Preset dashboard
Amazon EC2 Auto Scaling (built-in) Not applicable
AWS Lambda (built-in) Not applicable
Amazon Application and Network Load Balancer (built-in) Not applicable
Amazon DynamoDB (built-in) Not applicable
Amazon EBS (built-in) Not applicable
Amazon EC2 (built-in) Not applicable
Amazon Elastic Load Balancer (ELB) (built-in) Not applicable
Amazon RDS (built-in) Not applicable
Amazon S3 (built-in) Not applicable
AWS Certificate Manager Private Certificate Authority Not applicable
All monitored Amazon services Not applicable
Amazon API Gateway Not applicable
AWS App Runner Not applicable
Amazon AppStream Applicable
AWS AppSync Applicable
Amazon Athena Applicable
Amazon Aurora Not applicable
Amazon EC2 Auto Scaling Applicable
AWS Billing Applicable
Amazon Keyspaces Applicable
AWS Chatbot Applicable
Amazon CloudFront Not applicable
AWS CloudHSM Applicable
Amazon CloudSearch Applicable
AWS CodeBuild Applicable
Amazon Cognito Not applicable
Amazon Connect Applicable
AWS DataSync Applicable
Amazon DynamoDB Accelerator (DAX) Applicable
AWS Database Migration Service (AWS DMS) Applicable
Amazon DocumentDB Applicable
AWS Direct Connect Applicable
Amazon DynamoDB Not applicable
Amazon EBS Not applicable
Amazon EC2 Spot Fleet Not applicable
Amazon EC2 API Applicable
Amazon Elastic Container Service (ECS) Not applicable
Amazon ECS Container Insights Applicable
Amazon Elastic File System (EFS) Not applicable
Amazon Elastic Kubernetes Service (EKS) Applicable
Amazon ElastiCache (EC) Not applicable
AWS Elastic Beanstalk Applicable
Amazon Elastic Inference Applicable
Amazon Elastic Transcoder Applicable
Amazon Elastic Map Reduce (EMR) Not applicable
Amazon Elasticsearch Service (ES) Not applicable
Amazon EventBridge Applicable
Amazon FSx Applicable
Amazon GameLift Applicable
AWS Glue Not applicable
Amazon Inspector Applicable
AWS Internet of Things (IoT) Not applicable
AWS IoT Things Graph Applicable
AWS IoT Analytics Applicable
Amazon Managed Streaming for Kafka Applicable
Amazon Kinesis Data Analytics Not applicable
Amazon Data Firehose Not applicable
Amazon Kinesis Data Streams Not applicable
Amazon Kinesis Video Streams Not applicable
AWS Lambda Not applicable
Amazon Lex Applicable
Amazon CloudWatch Logs Applicable
AWS Elemental MediaTailor Applicable
AWS Elemental MediaConnect Applicable
AWS Elemental MediaConvert Applicable
AWS Elemental MediaPackage Live Applicable
AWS Elemental MediaPackage Video on Demand Applicable
Amazon MQ Applicable
Amazon VPC NAT Gateways Not applicable
Amazon Neptune Applicable
AWS OpsWorks Applicable
Amazon Polly Applicable
Amazon QLDB Applicable
Amazon RDS Not applicable
Amazon Redshift Not applicable
Amazon Rekognition Applicable
AWS RoboMaker Applicable
Amazon Route 53 Applicable
Amazon Route 53 Resolver Applicable
Amazon S3 Not applicable
Amazon SageMaker Batch Transform Jobs Not applicable
Amazon SageMaker Endpoints Not applicable
Amazon SageMaker Endpoint Instances Not applicable
Amazon SageMaker Ground Truth Not applicable
Amazon SageMaker Processing Jobs Not applicable
Amazon SageMaker Training Jobs Not applicable
AWS Service Catalog Applicable
Amazon Simple Email Service (SES) Not applicable
Amazon Simple Notification Service (SNS) Not applicable
Amazon Simple Queue Service (SQS) Not applicable
AWS Systems Manager - Run Command Applicable
AWS Step Functions Applicable
AWS Storage Gateway Applicable
Amazon SWF Applicable
Amazon Textract Applicable
AWS Transfer Family Applicable
AWS Transit Gateway Applicable
Amazon Translate Applicable
AWS Trusted Advisor Applicable
AWS API Usage Applicable
AWS Site-to-Site VPN Applicable
AWS WAF Classic Applicable
AWS WAF Applicable
Amazon WorkMail Applicable
Amazon WorkSpaces Applicable

Elastic beanstalk

Available metrics

Name Description Unit Statistics Dimensions Recommended
ApplicationLatencyP10 The average amount of time, in seconds, it takes to complete the fastest 10% of requests (instance and environment) Seconds Multi EnvironmentName, InstanceId
ApplicationLatencyP10 Seconds Multi EnvironmentName
ApplicationLatencyP50 The average amount of time, in seconds, it takes to complete the fastest 50% of requests (instance and environment) Seconds Multi EnvironmentName, InstanceId
ApplicationLatencyP50 Seconds Multi EnvironmentName
ApplicationLatencyP75 The average amount of time, in seconds, it takes to complete the fastest 75% of requests (instance and environment) Seconds Multi EnvironmentName, InstanceId
ApplicationLatencyP75 Seconds Multi EnvironmentName
ApplicationLatencyP85 The average amount of time, in seconds, it takes to complete the fastest 85% of requests (instance and environment) Seconds Multi EnvironmentName, InstanceId
ApplicationLatencyP85 Seconds Multi EnvironmentName
ApplicationLatencyP90 The average amount of time, in seconds, it takes to complete the fastest 90% of requests (instance and environment) Seconds Multi EnvironmentName, InstanceId
ApplicationLatencyP90 Seconds Multi EnvironmentName Applicable
ApplicationLatencyP95 The average amount of time, in seconds, it takes to complete the fastest 95% of requests (instance and environment) Seconds Multi EnvironmentName, InstanceId
ApplicationLatencyP95 Seconds Multi EnvironmentName
ApplicationLatencyP99 The average amount of time, in seconds, it takes to complete the fastest 99% of requests (instance and environment) Seconds Multi EnvironmentName, InstanceId
ApplicationLatencyP99 Seconds Multi EnvironmentName
ApplicationLatencyP99.9 The average amount of time, in seconds, it takes to complete the fastest 99.9% of requests (instance and environment) Seconds Multi EnvironmentName, InstanceId
ApplicationLatencyP99.9 Seconds Multi EnvironmentName
ApplicationRequestsTotal The total number of requests completed by the instance or environment Count Sum EnvironmentName, InstanceId
ApplicationRequestsTotal Count Sum EnvironmentName Applicable
ApplicationRequests2xx The number of requests that completed with a 2XX status code (instance and environment) Count Sum EnvironmentName, InstanceId
ApplicationRequests2xx Count Sum EnvironmentName
ApplicationRequests3xx The number of requests that completed with a 3XX status code (instance and environment) Count Sum EnvironmentName, InstanceId
ApplicationRequests3xx Count Sum EnvironmentName
ApplicationRequests4xx The number of requests that completed with a 4XX status code (instance and environment) Count Sum EnvironmentName, InstanceId
ApplicationRequests4xx Count Sum EnvironmentName Applicable
ApplicationRequests5xx The number of requests that completed with a 5XX status code (instance and environment) Count Sum EnvironmentName, InstanceId
ApplicationRequests5xx Count Sum EnvironmentName Applicable
CPUIdle The percentage of time the CPU was in idle state in the last minute (instance only) Percent Multi EnvironmentName, InstanceId
CPUIowait The percentage of time the CPU was in iowait state in the last minute (instance only) Percent Multi EnvironmentName, InstanceId
CPUIrq The percentage of time the CPU was in irq state in the last minute (instance only) Percent Multi EnvironmentName, InstanceId
CPUNice The percentage of time the CPU was in nice state in the last minute (instance only) Percent Multi EnvironmentName, InstanceId
CPUPrivileged The percentage of time the CPU was in privileged state in the last minute (instance only) Percent Multi EnvironmentName, InstanceId
CPUSoftirq The percentage of time the CPU was in softirq state in the last minute (instance only) Percent Multi EnvironmentName, InstanceId
CPUSystem The percentage of time the CPU was in system state in the last minute (instance only) Percent Multi EnvironmentName, InstanceId
CPUUser The percentage of time the CPU was in user state in the last minute (instance only) Percent Multi EnvironmentName, InstanceId
EnvironmentHealth The current health status of the environment, with seven possible values: 0 - OK, 1 - Info, 5 - Unknown, 10 - No data, 15 - Warning, 20 - Degraded, and 25 - Severe None Multi EnvironmentName Applicable
InstanceHealth The current health status of the instance, with seven possible values: 0 - OK, 1 - Info, 5 - Unknown, 10 - No data, 15 - Warning, 20 - Degraded, and 25 - Severe None Multi EnvironmentName, InstanceId Applicable
InstancesDegraded The number of instances in the environment with degraded health status (environment only) Count Multi EnvironmentName
InstancesInfo The number of instances in the environment with info health status (environment only) Count Multi EnvironmentName
InstancesNoData The number of instances for which no data is being received (environment only) Count Multi EnvironmentName
InstancesOk The number of instances in the environment with OK health status (environment only) Count Multi EnvironmentName
InstancesPending The number of instances in the environment with pending health status (environment only) Count Multi EnvironmentName
InstancesSevere The number of instances in the environment with severe health status (environment only) Count Multi EnvironmentName
InstancesUnknown The number of instances in the environment with unknown health status (environment only) Count Multi EnvironmentName
InstancesWarning The number of instances in the environment with warning health status (environment only) Count Multi EnvironmentName
LoadAverage1min The average CPU load of the instance over the last minute (instance only) Percent Multi EnvironmentName, InstanceId
LoadAverage5min The average CPU load of the instance over the last five minutes (instance only) Percent Multi EnvironmentName, InstanceId
RootFilesystemUtil The percentage of disk space that's in use (instance only) Percent Multi EnvironmentName, InstanceId
RootFilesystemUtil Percent Multi EnvironmentName

Source: default-aws-metrics.md


title: Classic (formerly 'built-in') AWS metrics source: https://www.dynatrace.com/docs/ingest-from/amazon-web-services/integrate-with-aws/cloudwatch-metrics/default-aws-metrics scraped: 2026-02-16T09:38:34.053585


Classic (formerly 'built-in') AWS metrics

Classic (formerly 'built-in') AWS metrics

  • Reference
  • 1-min read
  • Updated on Jan 29, 2024

For information about differences between classic services and other services, see Migrate from AWS classic (formerly 'built-in') services to cloud services.

The table below lists all AWS metrics that Dynatrace collects by default when you enable AWS monitoring.

For all other metrics collected by Dynatrace per configurable AWS service, see the cloud services pages.

Metric key Name Unit Aggregations
builtin:cloud.aws.alb.connections.active ALB number of active connections Count autoavgmaxmin
builtin:cloud.aws.alb.connections.new ALB number of new connections Count autovalue
builtin:cloud.aws.alb.errors.alb.http4xx ALB number of 4XX errors Count autovalue
builtin:cloud.aws.alb.errors.alb.http5xx ALB number of 5XX errors Count autovalue
builtin:cloud.aws.alb.errors.target.http4xx ALB number of 4XX target errors Count autovalue
builtin:cloud.aws.alb.errors.target.http5xx ALB number of 5XX target errors Count autovalue
builtin:cloud.aws.alb.errors.rejCon ALB number of rejected connections Count autovalue
builtin:cloud.aws.alb.errors.targConn ALB number of target connection errors Count autovalue
builtin:cloud.aws.alb.errors.tlsNeg ALB number of client TLS negotiation errors Count autovalue
builtin:cloud.aws.alb.bytes ALB number of processed bytes Count autovalue
builtin:cloud.aws.alb.lcus ALB number of consumed LCUs Count autovalue
builtin:cloud.aws.alb.requests ALB number of requests Count autovalue
builtin:cloud.aws.alb.respTime ALB target response time Second autoavgmaxmin
builtin:cloud.aws.asg.running Number of running EC2 instances (ASG) Count autoavgmaxmin
builtin:cloud.aws.asg.stopped Number of stopped EC2 instances (ASG) Count autoavgmaxmin
builtin:cloud.aws.asg.terminated Number of terminated EC2 instances (ASG) Count autoavgmaxmin
builtin:cloud.aws.az.running Number of running EC2 instances (AZ) Count autoavgmaxmin
builtin:cloud.aws.az.stopped Number of stopped EC2 instances (AZ) Count autoavgmaxmin
builtin:cloud.aws.az.terminated Number of terminated EC2 instances (AZ) Count autoavgmaxmin
builtin:cloud.aws.dynamo.capacityUnits.consumed.read DynamoDB read capacity units Count autovalue
builtin:cloud.aws.dynamo.capacityUnits.consumed.write DynamoDB write capacity units Count autovalue
builtin:cloud.aws.dynamo.capacityUnits.provisioned.read DynamoDB provisioned read capacity units Count autovalue
builtin:cloud.aws.dynamo.capacityUnits.provisioned.write DynamoDB provisioned write capacity units Count autovalue
builtin:cloud.aws.dynamo.capacityUnits.read DynamoDB read capacity units % Percent (%) autoavgmaxmin
builtin:cloud.aws.dynamo.capacityUnits.write DynamoDB write capacity units % Percent (%) autoavgmaxmin
builtin:cloud.aws.dynamo.errors.system DynamoDB number of requests with HTTP 500 status code Count autovalue
builtin:cloud.aws.dynamo.errors.user DynamoDB number of requests with HTTP 400 status code Count autovalue
builtin:cloud.aws.dynamo.requests.latency DynamoDB number of successful request latency for operation Millisecond autoavgmaxmin
builtin:cloud.aws.dynamo.requests.returnedItems DynamoDB number of items returned by operation Count autovalue
builtin:cloud.aws.dynamo.requests.throttled DynamoDB number of throttled requests for operation Count autovalue
builtin:cloud.aws.dynamo.throttledEvents.read DynamoDB number of read throttled events Count autovalue
builtin:cloud.aws.dynamo.throttledEvents.write DynamoDB number of write throttled events Count autovalue
builtin:cloud.aws.dynamo.tables Number of tables for AvailabilityZone Count autoavgmaxmin
builtin:cloud.aws.ebs.latency.read EBS volume read latency Second autoavgmaxmin
builtin:cloud.aws.ebs.latency.write EBS volume write latency Second autoavgmaxmin
builtin:cloud.aws.ebs.ops.consumed EBS volume consumed OPS Per second autovalue
builtin:cloud.aws.ebs.ops.read EBS volume read OPS Per second autoavgmaxmin
builtin:cloud.aws.ebs.ops.write EBS volume write OPS Per second autoavgmaxmin
builtin:cloud.aws.ebs.throughput.percent EBS volume throughput % Percent (%) autoavgmaxmin
builtin:cloud.aws.ebs.throughput.read EBS volume read throughput Per second autoavgmaxmin
builtin:cloud.aws.ebs.throughput.write EBS volume write throughput Per second autoavgmaxmin
builtin:cloud.aws.ebs.idleTime EBS volume idle time % Percent (%) autoavgmaxmin
builtin:cloud.aws.ebs.queue EBS volume queue length Count autoavgmaxmin
builtin:cloud.aws.ec2.cpu.usage EC2 CPU usage % Percent (%) autoavgmaxmin
builtin:cloud.aws.ec2.disk.readOps EC2 instance storage read IOPS Per second autoavgmaxmin
builtin:cloud.aws.ec2.disk.readRate EC2 instance storage read rate kB/s autoavgmaxmin
builtin:cloud.aws.ec2.disk.writeOps EC2 instance storage write IOPS Per second autoavgmaxmin
builtin:cloud.aws.ec2.disk.writeRate EC2 instance storage write rate kB/s autoavgmaxmin
builtin:cloud.aws.ec2.net.rx EC2 network data received rate Byte/second autoavgmaxmin
builtin:cloud.aws.ec2.net.tx EC2 network data transmitted rate Byte/second autoavgmaxmin
builtin:cloud.aws.elb.errors.backend.connection CLB backend connection errors Count autovalue
builtin:cloud.aws.elb.errors.backend.http2xx CLB number of backend 2XX errors Count autovalue
builtin:cloud.aws.elb.errors.backend.http3xx CLB number of backend 3XX errors Count autovalue
builtin:cloud.aws.elb.errors.backend.http4xx CLB number of backend 4XX errors Count autovalue
builtin:cloud.aws.elb.errors.backend.http5xx CLB number of backend 5XX errors Count autovalue
builtin:cloud.aws.elb.errors.elb.http4xx CLB number of 4XX errors Count autovalue
builtin:cloud.aws.elb.errors.elb.http5xx CLB number of 5XX errors Count autovalue
builtin:cloud.aws.elb.errors.frontend CLB frontend errors percentage Percent (%) autoavgmaxmin
builtin:cloud.aws.elb.hosts.healthy CLB number of healthy hosts Count autoavgmaxmin
builtin:cloud.aws.elb.hosts.unhealthy CLB number of unhealthy hosts Count autoavgmaxmin
builtin:cloud.aws.elb.latency CLB latency Second autoavgmaxmin
builtin:cloud.aws.elb.reqCompl CLB number of completed requests Count autovalue
builtin:cloud.aws.lambda.concExecutions LambdaFunction concurrent executions count Count autoavgcountmaxminsum
builtin:cloud.aws.lambda.duration LambdaFunction code execution time. Millisecond autoavgcountmaxminsum
builtin:cloud.aws.lambda.errors LambdaFunction number of failed invocations with HTTP 4XX status code Count autovalue
builtin:cloud.aws.lambda.errorsRate LambdaFunction rate of failed invocations to all invocations % Percent (%) autoavgmaxmin
builtin:cloud.aws.lambda.invocations LambdaFunction number of times a function is invoked Count autovalue
builtin:cloud.aws.lambda.provConcExecutions LambdaFunction provisioned concurrent executions count Count autovalue
builtin:cloud.aws.lambda.provConcInvocations LambdaFunction provisioned concurrency invocation count Count autovalue
builtin:cloud.aws.lambda.provConcSpilloverInvocations LambdaFunction provisioned concurrency spillover invocation count Count autovalue
builtin:cloud.aws.lambda.throttlers LambdaFunction throttled function invocation count Count autovalue
builtin:cloud.aws.nlb.flow.active NLB number of active flows Count autoavgmaxmin
builtin:cloud.aws.nlb.flow.new NLB number of new flows Count autovalue
builtin:cloud.aws.nlb.tcp.reset.client NLB number of client resets Count autovalue
builtin:cloud.aws.nlb.tcp.reset.elb NLB number of resets Count autovalue
builtin:cloud.aws.nlb.tcp.reset.target NLB number of target resets Count autovalue
builtin:cloud.aws.nlb.bytes NLB number of processed bytes Count autovalue
builtin:cloud.aws.nlb.lcus NLB number of consumed LCUs Count autovalue
builtin:cloud.aws.rds.cpu.usage RDS CPU usage % Percent (%) autoavgmaxmin
builtin:cloud.aws.rds.latency.read RDS read latency Second autoavgmaxmin
builtin:cloud.aws.rds.latency.write RDS write latency Second autoavgmaxmin
builtin:cloud.aws.rds.memory.freeable RDS freeable memory Byte autoavgmaxmin
builtin:cloud.aws.rds.memory.swap RDS swap usage Byte autoavgmaxmin
builtin:cloud.aws.rds.net.rx RDS network received throughput Byte/second autoavgmaxmin
builtin:cloud.aws.rds.net.tx RDS network transmitted throughput Byte/second autoavgmaxmin
builtin:cloud.aws.rds.ops.read RDS read IOPS Per second autoavgmaxmin
builtin:cloud.aws.rds.ops.write RDS write IOPS Per second autoavgmaxmin
builtin:cloud.aws.rds.throughput.read RDS read throughput Byte/second autoavgmaxmin
builtin:cloud.aws.rds.throughput.write RDS write throughput Byte/second autoavgmaxmin
builtin:cloud.aws.rds.connections RDS connections Count autoavgmaxmin
builtin:cloud.aws.rds.free RDS free storage space % Percent (%) autoavgmaxmin
builtin:cloud.aws.rds.restarts RDS restarts Count autovalue

Source: tags-and-management-zones-aws.md


title: Tags and management zones for AWS integration source: https://www.dynatrace.com/docs/ingest-from/amazon-web-services/integrate-with-aws/cloudwatch-metrics/tags-and-management-zones-aws scraped: 2026-02-17T05:04:07.494866


Tags and management zones for AWS integration

Tags and management zones for AWS integration

  • How-to guide
  • 4-min read
  • Updated on Feb 20, 2024

To organize cloud entities in your environment and simplify searches for them, you can use tags and basic instance properties imported from the cloud, as well as tags and management zones assigned in Dynatrace. Tags and management zones are applied to cloud entities just as they are for other entities, but they are best applied via the entity selector.

Cloud entities in your environment

You can browse all cloud entites in your environment using their ID or type from cloud entity types via the entity selector, just as for other entities. You can also explore all available properties and relationships available for each individual resource or type.

You can also browse their metrics using entity selector as part of metric selector, e.g. in Data Explorer.

Cloud entity types

To learn more about Dynatrace cloud entities and to check which ones can have tags imported from the cloud, see Cloud services with their respective Dynatrace entity types.

Add an automatically applied tag to cloud entities

Follow the steps below to automatically apply a tag to cloud entities. To learn more about tags, see Define and apply tags.

  1. Go to Settings > Tags > Automatically applied tags.
  2. Select Create tag and type a name for the new tag in the Tag name field.
  3. Select Add a new rule.
  4. Optional Optional tag value. This value appears next to the tag name that the rule is specified for, after a :, and is used to provide more precise information based on the individual rule. Note that for rules based on the entity selector, this value cannot be extracted from the entity itself using placeholders.
  5. From the Rule type list, choose the Entity selector type.
  6. Use one of the code snippets from the examples and adapt it with your own values to apply tags to cloud entities matching your entity selector.
  7. Select Preview to verify the results returned by the specific entity selector.
  8. Select Save changes.

Example of a rule-based entity selector

Queue entity selector

Add cloud entities to existing management zones

Follow the steps below to add cloud entities to existing management zones. To learn more about management zones, see Set up management zones.

  1. Go to Settings > Preferences > Management zones.
  2. Edit an existing management zone and select Add a new rule.
  3. In the Rule applies to list, choose the Entity selector.
  4. Use one of the code snippets from the examples and adapt it with your own values to add to the management zone cloud entities matching the entity selector.
  5. Select Preview to verify the results returned by the specific entity selector.
  6. Select Save changes.

Example of a management zone based on the entity selector

Management zone for queues

Entity selector examples for AWS entities

You can use the examples below and cloud entity types to suit your own needs.

Regions and zones

AWS account

Tags

Other properties

Non-built-in cloud services types

type(CUSTOM_DEVICE), customDeviceSource("AWS"), customProperties("REGION_NAME:af-south-1")

Non-built-in cloud service - specific service type: Lambda

type(cloud:aws:lambda), customProperties("REGION_NAME:us-east-1")

Lambda (built-in) in region

type(AWS_LAMBDA_FUNCTION),toRelationships.isSiteOf(type(AWS_AVAILABILITY_ZONE),regionName("us-east-1"))

Lambda (built-in) in availability zones

type(AWS_LAMBDA_FUNCTION),toRelationships.isSiteOf(type(AWS_AVAILABILITY_ZONE),entityName("us-east-1a"))
type(EC2_INSTANCE),fromRelationships.isAccessibleBy(type(AWS_CREDENTIALS),awsAccountId("908070605040"))

Non-built-in cloud services

type(CUSTOM_DEVICE),tag([AWS]environment:dev)
type(CUSTOM_DEVICE),tag([AWS]owner:TeamA)

Non-built-in cloud service - specific service type

type(cloud:aws:s3),tag([AWS]environment:dev)
type(cloud:aws:lambda),tag([AWS]environment:dev)

Built-in cloud services

type(AWS_LAMBDA_FUNCTION),tag([AWS]environment:dev)
type(EC2_INSTANCE),tag([AWS]owner:TeamA)
type(RELATIONAL_DATABASE_SERVICE),tag([AWS]owner:TeamA)

Non-built-in cloud services

type(CUSTOM_DEVICE),arn("arn:aws:s3:::simple-storage-dev")
type(CUSTOM_DEVICE),customDeviceSource("AWS"), ipAddress(172.0.0.202)
type(CUSTOM_DEVICE),customDeviceSource("AWS"), ipAddress(172.0.0.202)

Non-built-in cloud service - specific service type

type(cloud:aws:api_gateway),customProperties("ApiId:9a8b7cd6ef")

Built-in cloud services

type("EC2_INSTANCE"),ipAddress("3.123.987.65")
type("RELATIONAL_DATABASE_SERVICE"),arn("arn:aws:rds:us-east-1:908070605040:db:database-1-instance-1")
type("RELATIONAL_DATABASE_SERVICE"),rdsEngine("aurora-mysql")

EC2

Lambda

Services

Process groups and hosts

type(EC2_INSTANCE),fromRelationships.isAccessibleBy(type(AWS_CREDENTIALS),awsAccountId("908070605040"))
type(EC2_INSTANCE),tag([AWS]owner:TeamA)

EC2s with OneAgent installed

type(EC2_INSTANCE),toRelationships.runsOn(type(HOST))

EC2s without OneAgent installed

type(EC2_INSTANCE),not(toRelationships.runsOn(type(HOST)))

Lambda properties

type(cloud:aws:lambda), customProperties("REGION_NAME:us-east-1")
type(cloud:aws:lambda), customProperties("Runtime:python3.8")
type(cloud:aws:lambda), customProperties("Version:$LATEST")

Lambda (built-in) in region

type(AWS_LAMBDA_FUNCTION),toRelationships.isSiteOf(type(AWS_AVAILABILITY_ZONE),regionName("us-east-1"))

Lambda (built-in) in availability zones

type(AWS_LAMBDA_FUNCTION),toRelationships.isSiteOf(type(AWS_AVAILABILITY_ZONE),entityName("us-east-1a"))

Lambdas with OneAgent installed

type(cloud:aws:lambda),toRelationships.runsOn(type(SERVICE))

Lambdas without OneAgent installed

type(cloud:aws:lambda),not(toRelationships.runsOn(type(SERVICE)))

Lambda (built-in) with OneAgent installed

type(AWS_LAMBDA_FUNCTION),toRelationships.runsOn(type(SERVICE))

Lambdas (built-in) without OneAgent installed

type(AWS_LAMBDA_FUNCTION),not(toRelationships.runsOn(type(SERVICE)))

Services also monitored by AWS integration

EC2

type(SERVICE),fromRelationships.runsOnHost(type(HOST),fromRelationships.runsOn(type(EC2_INSTANCE),fromRelationships.isAccessibleBy(type(AWS_CREDENTIALS),awsAccountId("908070605040"))))

Lambda

type(SERVICE),fromRelationships.runsOn(type(cloud:aws:lambda),fromRelationships.isAccessibleBy(type(AWS_CREDENTIALS)))

Lambda (built-in)

type(SERVICE),fromRelationships.runsOn(type(AWS_LAMBDA_FUNCTION),fromRelationships.isAccessibleBy(type(AWS_CREDENTIALS)))
type(SERVICE),fromRelationships.runsOn(type(AWS_LAMBDA_FUNCTION), entityId("AWS_LAMBDA_FUNCTION-60AAABCDF1234B3A"))
type(SERVICE),fromRelationships.runsOn(type(AWS_LAMBDA_FUNCTION),tag([AWS]Environment:DEV))

Process groups and hosts also monitored by AWS integration

type(HOST),fromRelationships.runsOn(type(EC2_INSTANCE),fromRelationships.isAccessibleBy(type(AWS_CREDENTIALS),awsAccountId("908070605040")))
type(PROCESS_GROUP_INSTANCE),fromRelationships.isProcessOf(type(HOST),fromRelationships.runsOn(type(EC2_INSTANCE),fromRelationships.isAccessibleBy(type(AWS_CREDENTIALS),awsAccountId("908070605040"))))
type(PROCESS_GROUP),fromRelationships.runsOn(type(HOST),fromRelationships.runsOn(type(EC2_INSTANCE),fromRelationships.isAccessibleBy(type(AWS_CREDENTIALS),awsAccountId("908070605040"))))

Source: cloudwatch-metrics.md


title: Monitor Amazon Web Services with CloudWatch metrics source: https://www.dynatrace.com/docs/ingest-from/amazon-web-services/integrate-with-aws/cloudwatch-metrics scraped: 2026-02-16T21:27:50.903848


Monitor Amazon Web Services with CloudWatch metrics

Monitor Amazon Web Services with CloudWatch metrics

  • How-to guide
  • 23-min read
  • Updated on Feb 05, 2026

Follow this guide to start ingesting data remotely from Amazon CloudWatch.

Its main focus is on infrastructure monitoring of AWS services: Dynatrace monitoring AWS services via CloudWatch.

See What's next? for Full-Stack and Log Monitoring of your AWS services.

After you have established the initial monitoring, you can add, remove, or modify service monitoring using the Dynatrace web UI, at scale, or using the Dynatrace API.

Details of collected measurements

To learn the measurements collected for each of the AWS services, see:

The Amazon Web Services infrastructure monitoring provides metrics from CloudWatch, infrastructure data available via public AWS API, and specific events. The data is collected in five-minute intervals.

Cost of monitoring

Monitoring prerequisites

There are three prerequisites for the AWS monitoring setup:

  1. Dynatrace admin permissions

To manage AWS monitoring configuration, you need permissions to read and modify the builtin:cloud.aws schema.

  • Both settings:objects:read and settings:objects:write are required.
  • They are included in the Change monitoring settings permissions.
  • Read-only access is not supported.

See Manage user permissions with roles for details on how to manage and set permissions.

  1. Allow ActiveGate to access URLs

To monitor Amazon Web Services, Dynatrace needs to be able to connect to the Amazon CloudWatch API and query it periodically. At least one ActiveGate needs to be able to connect to Amazon CloudWatch to perform the monitoring tasks. Your ActiveGate needs to be deployed on an EC2 instance and be able to connect to the endpoints listed below.

From Dynatrace version 1.267+, only role-based access can be used. Key-based authorization is no longer available for new credentials. For existing key-based credentials, you can keep using keys indefinitely. We recommend switching to role-based authentication using the dedicated button on the configuration page. Dynatrace automatically checks the configuration to ensure the correct configuration of roles.

Key-based authentication is allowed only for AWS GovCloud and China partitions.

An ActiveGate capable of monitoring your AWS account for classic (built-in) supported services is already provided and available within the Dynatrace AWS account.

However, to monitor specific non-default AWS cloud services or if your AWS account exceeds 2,000 AWS resources, you must install and configure an Environment ActiveGate. Follow the ActiveGate installation guide and resume this guide when done.

You must install and configure an Environment ActiveGate if you want to monitor either or both of the following:

Allow ActiveGate to access AWS URLs

The integration accesses the following AWS API endpoints, so they must be accessible from your ActiveGate:

  • AWS Security Token Service (AWS STS)
https://sts.<REGION>.amazonaws.com/
https://sts.amazonaws.com/

AWS STS global endpoint is not supported. Make sure that sts.<REGION>.amazonaws.com is accessible for the regions you want to monitor.

See AWS STS Regionalized endpoints for more details.

  • AWS Resource Groups Tagging

https://tagging.<REGION>.amazonaws.com/
* Amazon CloudWatch

https://monitoring.<REGION>.amazonaws.com/
* Amazon EC2

ec2.<REGION>.amazonaws.com

Other endpoints may be required depending on the services you need to monitor.

Consult the tables below for endpoints specific to each service you might want to monitor and for AWS Regions supported by Dynatrace AWS Monitoring.

AWS endpoints that need to be reachable from ActiveGate with corresponding AWS services

Endpoint Service
autoscaling.<REGION>.amazonaws.com Amazon EC2 Auto Scaling (built-in), Amazon EC2 Auto Scaling
lambda.<REGION>.amazonaws.com AWS Lambda (built-in), AWS Lambda
elasticloadbalancing.<REGION>.amazonaws.com Amazon Application and Network Load Balancer (built-in), Amazon Elastic Load Balancer (ELB) (built-in)
dynamodb.<REGION>.amazonaws.com Amazon DynamoDB (built-in), Amazon DynamoDB
ec2.<REGION>.amazonaws.com Amazon EBS (built-in), Amazon EC2 (built-in), Amazon EBS, Amazon EC2 Spot Fleet, Amazon VPC NAT Gateways, AWS Transit Gateway, AWS Site-to-Site VPN
rds.<REGION>.amazonaws.com Amazon RDS (built-in), Amazon Aurora, Amazon DocumentDB, Amazon Neptune, Amazon RDS
s3.<REGION>.amazonaws.com Amazon S3 (built-in)
acm-pca.<REGION>.amazonaws.com AWS Certificate Manager Private Certificate Authority
apigateway.<REGION>.amazonaws.com Amazon API Gateway
apprunner.<REGION>.amazonaws.com AWS App Runner
appstream2.<REGION>.amazonaws.com Amazon AppStream
appsync.<REGION>.amazonaws.com AWS AppSync
athena.<REGION>.amazonaws.com Amazon Athena
cloudfront.amazonaws.com Amazon CloudFront
cloudhsmv2.<REGION>.amazonaws.com AWS CloudHSM
cloudsearch.<REGION>.amazonaws.com Amazon CloudSearch
codebuild.<REGION>.amazonaws.com AWS CodeBuild
datasync.<REGION>.amazonaws.com AWS DataSync
dax.<REGION>.amazonaws.com Amazon DynamoDB Accelerator (DAX)
dms.<REGION>.amazonaws.com AWS Database Migration Service (AWS DMS)
directconnect.<REGION>.amazonaws.com AWS Direct Connect
ecs.<REGION>.amazonaws.com Amazon Elastic Container Service (ECS), Amazon ECS Container Insights
elasticfilesystem.<REGION>.amazonaws.com Amazon Elastic File System (EFS)
eks.<REGION>.amazonaws.com Amazon Elastic Kubernetes Service (EKS)
elasticache.<REGION>.amazonaws.com Amazon ElastiCache (EC)
elasticbeanstalk.<REGION>.amazonaws.com AWS Elastic Beanstalk
elastictranscoder.<REGION>.amazonaws.com Amazon Elastic Transcoder
es.<REGION>.amazonaws.com Amazon Elasticsearch Service (ES)
events.<REGION>.amazonaws.com Amazon EventBridge
fsx.<REGION>.amazonaws.com Amazon FSx
gamelift.<REGION>.amazonaws.com Amazon GameLift
glue.<REGION>.amazonaws.com AWS Glue
inspector.<REGION>.amazonaws.com Amazon Inspector
kafka.<REGION>.amazonaws.com Amazon Managed Streaming for Kafka
models.lex.<REGION>.amazonaws.com Amazon Lex
logs.<REGION>.amazonaws.com Amazon CloudWatch Logs
api.mediatailor.<REGION>.amazonaws.com AWS Elemental MediaTailor
mediaconnect.<REGION>.amazonaws.com AWS Elemental MediaConnect
mediapackage.<REGION>.amazonaws.com AWS Elemental MediaPackage Live
mediapackage-vod.<REGION>.amazonaws.com AWS Elemental MediaPackage Video on Demand
opsworks.<REGION>.amazonaws.com AWS OpsWorks
qldb.<REGION>.amazonaws.com Amazon QLDB
redshift.<REGION>.amazonaws.com Amazon Redshift
robomaker.<REGION>.amazonaws.com AWS RoboMaker
route53.amazonaws.com Amazon Route 53
route53resolver.<REGION>.amazonaws.com Amazon Route 53 Resolver
api.sagemaker.<REGION>.amazonaws.com Amazon SageMaker Endpoints, Amazon SageMaker Endpoint Instances
sns.<REGION>.amazonaws.com Amazon Simple Notification Service (SNS)
sqs.<REGION>.amazonaws.com Amazon Simple Queue Service (SQS)
storagegateway.<REGION>.amazonaws.com AWS Storage Gateway
swf.<REGION>.amazonaws.com Amazon SWF
transfer.<REGION>.amazonaws.com AWS Transfer Family
workmail.<REGION>.amazonaws.com Amazon WorkMail
workspaces.<REGION>.amazonaws.com Amazon WorkSpaces

AWS Regions supported by Dynatrace AWS Monitoring

  • us-gov-west-1: AWS GovCloud (US)
  • us-gov-east-1: AWS GovCloud (US-East)
  • us-east-1: US East (N. Virginia)
  • us-east-2: US East (Ohio)
  • us-west-1: US West (N. California)
  • us-west-2: US West (Oregon)
  • eu-west-1: EU (Ireland)
  • eu-west-2: EU (London)
  • eu-west-3: EU (Paris)
  • eu-central-1: EU (Frankfurt)
  • eu-central-2: EU (Zurich)
  • eu-north-1: EU (Stockholm)
  • eu-south-1: EU (Milan)
  • eu-south-2: EU (Spain)
  • ap-east-1: Asia Pacific (Hong Kong)
  • ap-east-2: Asia Pacific (Taipei)
  • ap-south-1: Asia Pacific (Mumbai)
  • ap-south-2: Asia Pacific (Hyderabad)
  • ap-southeast-1: Asia Pacific (Singapore)
  • ap-southeast-2: Asia Pacific (Sydney)
  • ap-southeast-3: Asia Pacific (Jakarta)
  • ap-southeast-4: Asia Pacific (Melbourne)
  • ap-southeast-5: Asia Pacific (Malaysia)
  • ap-southeast-6: Asia Pacific (New Zealand)
  • ap-southeast-7: Asia Pacific (Thailand)
  • ap-northeast-1: Asia Pacific (Tokyo)
  • ap-northeast-2: Asia Pacific (Seoul)
  • ap-northeast-3: Asia Pacific (Osaka)
  • sa-east-1: South America (Sao Paulo)
  • cn-north-1: China (Beijing)
  • cn-northwest-1: China (Ningxia)
  • ca-central-1: Canada (Central)
  • ca-west-1: Canada West (Calgary)
  • il-central-1: Israel (Tel Aviv)
  • me-central-1: Middle East (UAE)
  • me-south-1: Middle East (Bahrain)
  • mx-central-1: Mexico (Central)
  • af-south-1: Africa (Cape Town)
  • us-iso-east-1: US ISO East
  • us-isob-east-1: US ISOB East (Ohio)
  • us-iso-west-1: US ISO West

Proxy

The most frequent cause of certificate issues with the TLS interception proxy is a missing proxy's CA certificate in the ActiveGate truststore.

If you're still having proxy issues, see:

"Communication error."

Make sure that the URLs are whitelisted. Otherwise, you might get communication or timeout errors.

  1. AWS monitoring policy and role-based authentication

To perform these steps, you need to have AWS admin privileges.

The AWS monitoring policy defines the minimal scope of permissions you need to give to Dynatrace to monitor the services running in your AWS account. Create it once and use it any time when enabling Dynatrace access to your AWS account. If you don't want to add permissions to all services, and just select permissions for certain services, consult the table below. The table contains a set of permissions that are required for all AWS cloud services, a list of optional permissions specific to that service.

Permissions required for AWS monitoring integration:

  • "cloudwatch:GetMetricData"
  • "cloudwatch:GetMetricStatistics"
  • "cloudwatch:ListMetrics"
  • "sts:GetCallerIdentity"
  • "tag:GetResources"
  • "tag:GetTagKeys"
  • "ec2:DescribeAvailabilityZones"

Complete list of permissions for cloud services

Name Permissions
All monitored Amazon services Required cloudwatch:GetMetricData, cloudwatch:GetMetricStatistics, cloudwatch:ListMetrics, sts:GetCallerIdentity, tag:GetResources, tag:GetTagKeys, ec2:DescribeAvailabilityZones
AWS Certificate Manager Private Certificate Authority acm-pca:ListCertificateAuthorities
Amazon MQ
Amazon API Gateway apigateway:GET
AWS App Runner apprunner:ListServices
Amazon AppStream appstream:DescribeFleets
AWS AppSync appsync:ListGraphqlApis
Amazon Athena athena:ListWorkGroups
Amazon Aurora rds:DescribeDBClusters
Amazon EC2 Auto Scaling autoscaling:DescribeAutoScalingGroups
Amazon EC2 Auto Scaling (built-in) autoscaling:DescribeAutoScalingGroups
AWS Billing
Amazon Keyspaces
AWS Chatbot
Amazon CloudFront cloudfront:ListDistributions
AWS CloudHSM cloudhsm:DescribeClusters
Amazon CloudSearch cloudsearch:DescribeDomains
AWS CodeBuild codebuild:ListProjects
Amazon Cognito
Amazon Connect
Amazon Elastic Kubernetes Service (EKS) eks:ListClusters
AWS DataSync datasync:ListTasks
Amazon DynamoDB Accelerator (DAX) dax:DescribeClusters
AWS Database Migration Service (AWS DMS) dms:DescribeReplicationInstances
Amazon DocumentDB rds:DescribeDBClusters
AWS Direct Connect directconnect:DescribeConnections
Amazon DynamoDB dynamodb:ListTables
Amazon DynamoDB (built-in) dynamodb:ListTables, dynamodb:ListTagsOfResource
Amazon EBS ec2:DescribeVolumes
Amazon EBS (built-in) ec2:DescribeVolumes
Amazon EC2 API
Amazon EC2 (built-in) ec2:DescribeInstances
Amazon EC2 Spot Fleet ec2:DescribeSpotFleetRequests
Amazon Elastic Container Service (ECS) ecs:ListClusters
Amazon ECS Container Insights ecs:ListClusters
Amazon ElastiCache (EC) elasticache:DescribeCacheClusters
AWS Elastic Beanstalk elasticbeanstalk:DescribeEnvironments
Amazon Elastic File System (EFS) elasticfilesystem:DescribeFileSystems
Amazon Elastic Inference
Amazon Elastic Map Reduce (EMR) elasticmapreduce:ListClusters
Amazon Elasticsearch Service (ES) es:ListDomainNames
Amazon Elastic Transcoder elastictranscoder:ListPipelines
Amazon Elastic Load Balancer (ELB) (built-in) elasticloadbalancing:DescribeInstanceHealth, elasticloadbalancing:DescribeListeners, elasticloadbalancing:DescribeLoadBalancers, elasticloadbalancing:DescribeRules, elasticloadbalancing:DescribeTags, elasticloadbalancing:DescribeTargetHealth
Amazon EventBridge events:ListEventBuses
Amazon FSx fsx:DescribeFileSystems
Amazon GameLift gamelift:ListFleets
AWS Glue glue:GetJobs
Amazon Inspector inspector:ListAssessmentTemplates
AWS Internet of Things (IoT)
AWS IoT Analytics
Amazon Managed Streaming for Kafka kafka:ListClusters
Amazon Kinesis Data Analytics kinesisanalytics:ListApplications
Amazon Data Firehose firehose:ListDeliveryStreams
Amazon Kinesis Data Streams kinesis:ListStreams
Amazon Kinesis Video Streams kinesisvideo:ListStreams
AWS Lambda lambda:ListFunctions
AWS Lambda (built-in) lambda:ListFunctions, lambda:ListTags
Amazon Lex lex:GetBots
Amazon Application and Network Load Balancer (built-in) elasticloadbalancing:DescribeInstanceHealth, elasticloadbalancing:DescribeListeners, elasticloadbalancing:DescribeLoadBalancers, elasticloadbalancing:DescribeRules, elasticloadbalancing:DescribeTags, elasticloadbalancing:DescribeTargetHealth
Amazon CloudWatch Logs logs:DescribeLogGroups
AWS Elemental MediaConnect mediaconnect:ListFlows
AWS Elemental MediaConvert mediaconvert:DescribeEndpoints
AWS Elemental MediaPackage Live mediapackage:ListChannels
AWS Elemental MediaPackage Video on Demand mediapackage-vod:ListPackagingConfigurations
AWS Elemental MediaTailor mediatailor:ListPlaybackConfigurations
Amazon VPC NAT Gateways ec2:DescribeNatGateways
Amazon Neptune rds:DescribeDBClusters
AWS OpsWorks opsworks:DescribeStacks
Amazon Polly
Amazon QLDB qldb:ListLedgers
Amazon RDS rds:DescribeDBInstances
Amazon RDS (built-in) rds:DescribeDBInstances, rds:DescribeEvents, rds:ListTagsForResource
Amazon Redshift redshift:DescribeClusters
Amazon Rekognition
AWS RoboMaker robomaker:ListSimulationJobs
Amazon Route 53 route53:ListHostedZones
Amazon Route 53 Resolver route53resolver:ListResolverEndpoints
Amazon S3 s3:ListAllMyBuckets
Amazon S3 (built-in) s3:ListAllMyBuckets
Amazon SageMaker Batch Transform Jobs
Amazon SageMaker Endpoint Instances sagemaker:ListEndpoints
Amazon SageMaker Endpoints sagemaker:ListEndpoints
Amazon SageMaker Ground Truth
Amazon SageMaker Processing Jobs
Amazon SageMaker Training Jobs
AWS Service Catalog
Amazon Simple Email Service (SES)
Amazon Simple Notification Service (SNS) sns:ListTopics
Amazon Simple Queue Service (SQS) sqs:ListQueues
AWS Systems Manager - Run Command
AWS Step Functions
AWS Storage Gateway storagegateway:ListGateways
Amazon SWF swf:ListDomains
Amazon Textract
AWS IoT Things Graph
AWS Transfer Family transfer:ListServers
AWS Transit Gateway ec2:DescribeTransitGateways
Amazon Translate
AWS Trusted Advisor
AWS API Usage
AWS Site-to-Site VPN ec2:DescribeVpnConnections
AWS WAF Classic
AWS WAF
Amazon WorkMail workmail:ListOrganizations
Amazon WorkSpaces workspaces:DescribeWorkspaces

To get the information required for comprehensive AWS cloud-computing monitoring, you have to authorize Dynatrace to access your Amazon metrics. Dynatrace will identify all the virtualized infrastructure components in your AWS environment and collect performance metrics related to those components.

Next, select the deployment model that best describes your environment and follow the procedure for that model.

Deployment with no ActiveGate

Deployment with existing ActiveGate

Dynatrace SaaS needs a role-based monitoring access to your AWS account.

You won't be able to monitor non-default AWS cloud services without an AWS-hosted Environment ActiveGate.

You will need:

  • AWS account ID
  • Rights to assign role-based access to your AWS account
  • External ID, which can be acquired as follows.

  • Go to Settings > Cloud and virtualization > AWS.

  • Select Connect new Instance.
  • Under Authentication method select Role-based authentication.
  • Under Your Amazon account ID select Copy to copy the token (External ID).

To create role-based access

  1. Download a YAML file with CloudFormation template from cloud-snippets/role_based_access_no_AG_template.yml.
  2. Create the stack in your Amazon Console:

  3. In your Amazon Console, go to CloudFormation.

  4. Go to Stacks and create a new stack with new resources.
  5. Select Template is ready, upload the template you've created above, and select Next.
  6. In Parameters, enter the External ID.
  7. Enter a name for your stack and select Next twice.
  8. Review your configuration and accept the policy terms.
  9. Select Create stack.

Alternative: create stack via CLI

To create the stack using the CLI, run the command below, making sure to replace the parameter values with your actual values.

You also need to remove the angle brackets (< and >).

aws cloudformation create-stack \



--capabilities CAPABILITY_NAMED_IAM \



--stack-name <stack_name> \



--template-body <file:///home/user/template_file.yaml> \



--parameters ParameterKey=ExternalID,ParameterValue=<external_id> ParameterKey=RoleName,ParameterValue=<role_name> ParameterKey=PolicyName,ParameterValue=<policy_name>

The instructions below are applicable whether or not the account hosting your ActiveGate is the same as your monitored account. In a typical setup, you need to create two CloudFormation stacks using CloudFormation templates:

  • A CloudFormation stack from the account hosting your ActiveGate, containing the following resources:

  • A role for your Environment ActiveGate hosted in your AWS infrastructure, on an Amazon EC2 host.

  • Its attached policy, defining the monitored account permissions.
  • A CloudFormation stack from the monitored account, containing the following resources:

  • A dedicated monitoring role for Dynatrace in your AWS account.

  • Its attached policy, defining the Dynatrace authentication permissions to your AWS environment.

To monitor multiple accounts, use the role_based_access_AG_account_multiple_monitoring_roles_template.yml and repeat the Create a role for ActiveGate on the account that hosts ActiveGate steps to create a stack for each monitored account.

You will need:

  • An ActiveGate installed on an Amazon EC2 host. It must be able to assume a role within your AWS account that allows it to read the Dynatrace monitoring data.
  • The ID of the AWS account that hosts the ActiveGate (the account that hosts your Dynatrace components, which in this case is the one hosting the Environment ActiveGate).
  • The Amazon Web Services monitored account ID (the account that you want to monitor).
  • The name of the role with which your Environment ActiveGate was started.
  • The External ID, which you can get as follows.

  • Go to Settings > Cloud and virtualization > AWS.

  • Select Connect new instance.
  • Under Authentication method, select Role-based authentication.
  • Under Token, select Copy to copy the token (the External ID) to your clipboard.

Create a role for ActiveGate on the account that hosts ActiveGate

  1. Download the role_based_access_AG_account_template.yml.
  2. Create the stack in your Amazon Console:

  3. In your Amazon Console, go to CloudFormation.

  4. Go to Stacks and create a new stack with new resources.
  5. Select Template is ready, upload the template you created above, and then select Next.
  6. In Parameters, for Monitored Account ID, enter the ID of the account Dynatrace will monitor. Optionally, adapt other parameters as needed.
  7. Enter a name for your stack, and then select Next twice.
  8. Review your configuration, select I acknowledge that AWS CloudFormation might create IAM resources with custom names, and select Submit.

You can also create a stack via CLI using the command below:

aws cloudformation create-stack \



--capabilities CAPABILITY_NAMED_IAM \



--stack-name <stack_name> \



--template-body <file:///home/user/template_file.yaml> \



--parameters ParameterKey=ActiveGateRoleName,ParameterValue=<role_name> ParameterKey=AssumePolicyName,ParameterValue=<policy_name> ParameterKey=MonitoringRoleName,ParameterValue=<monitoring_role_name> ParameterKey=MonitoredAccountID,ParameterValue=<monitored_account_id>
  1. Go to the Amazon EC2 console, right-click an instance hosting your Environment ActiveGate, and select Security > Modify IAM role.
  2. Select the role you created and select Update IAM role.

Create a monitoring role for Dynatrace on your monitored account

After the Dynatrace_ActiveGate_role is created on the account hosting the ActiveGate, create a role for the account to be monitored.

  1. Download a YAML file with CloudFormation template from role_based_access_monitored_account_template.yml.
  2. Create the stack in your Amazon Console:

  3. In your Amazon Console, go to CloudFormation.

  4. Go to Stacks and create a new stack with new resources.
  5. Select Template is ready, upload the template you created above, and select Next.
  6. In Parameters, enter External ID, ActiveGateRoleName and ActiveGateAccountID from the stack you created. Optionally, adapt other parameters if needed.
  7. Enter a name for your stack, and then select Next twice.
  8. Review your configuration, enable I acknowledge that AWS CloudFormation might create IAM resources with custom names, and select Submit.

You can also create a stack via CLI using the command below:

aws cloudformation create-stack \



--capabilities CAPABILITY_NAMED_IAM \



--stack-name <stack_name> \



--template-body <file:///home/user/template_file.yaml> \



--parameters ParameterKey=ExternalID,ParameterValue=<external_id> ParameterKey=ActiveGateRoleName,ParameterValue=<activegate_role_name> ParameterKey=ActiveGateAccountID,ParameterValue=<activegate_account_id>

Modify ActiveGate configuration

Starting with ActiveGate version 1.217, AWS monitoring is enabled by default. For configuration details, see Customize ActiveGate properties. The following configuration settings refer to earlier ActiveGate versions.

  1. Edit the custom.properties file of your Environment ActiveGate.
  2. Make the following property settings:
[aws_monitoring]



use_aws_proxy_role = false



aws_monitoring_enabled = true

If the ActiveGate is dedicated to AWS monitoring, you also need to set the MSGrouter property as follows:

[collector]



MSGrouter = false
3. Save the file and restart the ActiveGate main service.

Key-based authentication (AWS GovCloud and AWS China only)

Only for AWS GovCloud and China partitions is key-based authentication allowed.

In this scenario you have to create an AWS monitoring policy and generate a key pair with that policy.

AWS Identity and Access Management (IAM) permission boundaries may deny AWS actions required by Dynatrace. If you use IAM permission boundary on your AWS account, make sure that actions from policy are allowed in all AWS Regions within permission boundary.

To create the AWS monitoring policy

  1. In your Amazon Console, go to Identity and Access Management.
  2. Go to Policies and select Create policy.
  3. Select the JSON tab and paste the predefined policy from the box below.

{



"Version": "2012-10-17",



"Statement": [



{



"Sid": "VisualEditor0",



"Effect": "Allow",



"Action": [



"acm-pca:ListCertificateAuthorities",



"apigateway:GET",



"apprunner:ListServices",



"appstream:DescribeFleets",



"appsync:ListGraphqlApis",



"athena:ListWorkGroups",



"autoscaling:DescribeAutoScalingGroups",



"cloudformation:ListStackResources",



"cloudfront:ListDistributions",



"cloudhsm:DescribeClusters",



"cloudsearch:DescribeDomains",



"cloudwatch:GetMetricData",



"cloudwatch:GetMetricStatistics",



"cloudwatch:ListMetrics",



"codebuild:ListProjects",



"datasync:ListTasks",



"dax:DescribeClusters",



"directconnect:DescribeConnections",



"dms:DescribeReplicationInstances",



"dynamodb:ListTables",



"dynamodb:ListTagsOfResource",



"ec2:DescribeAvailabilityZones",



"ec2:DescribeInstances",



"ec2:DescribeNatGateways",



"ec2:DescribeSpotFleetRequests",



"ec2:DescribeTransitGateways",



"ec2:DescribeVolumes",



"ec2:DescribeVpnConnections",



"ecs:ListClusters",



"eks:ListClusters",



"elasticache:DescribeCacheClusters",



"elasticbeanstalk:DescribeEnvironmentResources",



"elasticbeanstalk:DescribeEnvironments",



"elasticfilesystem:DescribeFileSystems",



"elasticloadbalancing:DescribeInstanceHealth",



"elasticloadbalancing:DescribeListeners",



"elasticloadbalancing:DescribeLoadBalancers",



"elasticloadbalancing:DescribeRules",



"elasticloadbalancing:DescribeTags",



"elasticloadbalancing:DescribeTargetHealth",



"elasticmapreduce:ListClusters",



"elastictranscoder:ListPipelines",



"es:ListDomainNames",



"events:ListEventBuses",



"firehose:ListDeliveryStreams",



"fsx:DescribeFileSystems",



"gamelift:ListFleets",



"glue:GetJobs",



"inspector:ListAssessmentTemplates",



"kafka:ListClusters",



"kinesis:ListStreams",



"kinesisanalytics:ListApplications",



"kinesisvideo:ListStreams",



"lambda:ListFunctions",



"lambda:ListTags",



"lex:GetBots",



"logs:DescribeLogGroups",



"mediaconnect:ListFlows",



"mediaconvert:DescribeEndpoints",



"mediapackage-vod:ListPackagingConfigurations",



"mediapackage:ListChannels",



"mediatailor:ListPlaybackConfigurations",



"opsworks:DescribeStacks",



"qldb:ListLedgers",



"rds:DescribeDBClusters",



"rds:DescribeDBInstances",



"rds:DescribeEvents",



"rds:ListTagsForResource",



"redshift:DescribeClusters",



"robomaker:ListSimulationJobs",



"route53:ListHostedZones",



"route53resolver:ListResolverEndpoints",



"s3:ListAllMyBuckets",



"sagemaker:ListEndpoints",



"sns:ListTopics",



"sqs:ListQueues",



"storagegateway:ListGateways",



"sts:GetCallerIdentity",



"swf:ListDomains",



"tag:GetResources",



"tag:GetTagKeys",



"transfer:ListServers",



"workmail:ListOrganizations",



"workspaces:DescribeWorkspaces"



],



"Resource": "*"



}



]



}
4. Give the policy a name. 5. Select Create policy.

You'll need to generate an Access key and a Secret access key that Dynatrace can use to get metrics from Amazon Web Services.

  1. In your Amazon Console, go to Users and select Add Users.
  2. Enter the User name.
  3. In the next screen, choose Attach policies directly and attach the policy that you created before.
  4. Review the user details and select Create user.
  5. From the list of users, select your newly created user name and go to Security credentials, then select Create access key.
  6. On Access key best practices & alternatives, select Third-party service, then select Next.
  7. On Retrieve access keys, store the Access Key ID name (AKID) and Secret access key values.
  8. You can either download the user credentials or copy the credentials displayed online (select Show).

Alternative: create AWS roles with Terraform

Terraform templates are an alternative way of creating and configuring AWS roles. For detailed instructions on how to create AWS roles with Terraform, see Configuring AWS role-based access with Terraform

Create monitoring configuration

You can create, activate, and manage multiple monitoring connections. Each connection is defined by the credentials and/or access tokens required for Dynatrace to be able to pull in the data.

Why configuration is performed per connection

Allowing for multiple connections and configurations makes it possible to monitor even extremely complex environments. With such an approach, you don't need to configure everything at once. Instead, you can gradually add monitoring configurations to your existing setup. Such an architecture also makes it easy to react to the dynamic changes of the monitored environment, without needing to reconfigure the unaffected elements.

  1. Add a new AWS connection

If you've followed all the prior steps, you're ready to configure Amazon Web Services monitoring.

To add a new AWS connection

  1. Open Clouds Clouds.
  2. Select Integration manager tab.
  3. Learn how to navigate and connect a new instance via Integration manager.

  4. AWS cloud services monitored by default

After Dynatrace connects to your AWS environment, it immediately starts monitoring selected AWS services. Classic (formerly 'built-in') AWS metrics metrics Dynatrace collects by default for AWS monitoring.") lists the metrics of AWS cloud services monitored by default.

  1. Monitor other AWS services

In addition to AWS services, it's also possible to monitor all other AWS cloud services. AWS cloud services are enabled for monitoring per AWS connection.

To add a service to monitoring:

  1. Go to Settings > Cloud and virtualization > AWS.
  2. On the AWS overview page, find the connection that you want to change and select Edit Edit in that row.
  3. Under Services, select Manage services.
  4. Select Add service.
  5. Select the service from the list and then select Add service.
  6. Select Save changes to save your configuration.

You can add multiple cloud services by repeating the steps above.

Configuration of collected metrics per service

After you add a service, Dynatrace automatically starts collecting a set of metrics for this particular service.

Recommended metrics:

  • Enabled by default
  • Can not be disabled
  • Can come with recommended dimensions (enabled by default, can't be disabled)
  • Can come with optional dimensions (disabled by default, can be enabled)

Apart from the recommended metrics, most services have the possibility of enabling optional metrics that can be added and configured manually.

List of AWS cloud services and collected metrics

To see the complete list of AWS cloud services and learn about the metrics collected for each of them, see All AWS cloud services.

Alternatively, you can check the list of supported AWS Services within in-product Dynatrace Hub (search for AWS) or in the web version of Dynatrace Hub.

To add and configure metrics

  1. Go to Settings > Cloud and virtualization > AWS.
  2. On the AWS overview page, find the connection that you want to change and select the edit icon next to its name.
  3. Go to Services and select Manage services.
  4. To add a metric select the service for which you want to add metrics and select Add new metric.
  5. From the menu select Add metric for the metric you want to monitor.
  6. Select Edit to configure the metric.
  7. Select Apply to save your configuration.

After you select the cloud services and save your changes, monitoring of the newly added services starts automatically.

What's next?

Within minutes, you'll see the data on your dashboards.

To see the core measurements per each of the AWS connections

  1. Go to AWS AWS Classic.
  2. Select the connection for which you want to see an overview of the AWS infrastructure.

You can also build your own dashboard from the metrics collected for your AWS instances. For details on building dashboards, see Dashboards Classic.

Virtual Machines, containers, and deep code monitoring with Dynatrace OneAgent

Dynatrace OneAgent offers unparalleled depth of insight into hosts, containers, and code. To learn more, see Set up Dynatrace on Amazon Web Services.

Further configuration for notifications and alerts

After you set up AWS monitoring, you can:

  • Set up metric events for alerting. This enables you to create, enable, disable and configure recommended alerting rules.
  • Limit API calls to AWS using tags. By default, Dynatrace monitors all Amazon Web Services that have been specified in your permission policy. Optionally, you can use tagging to limit the AWS resources that are monitored by Dynatrace.

Integrate CloudWatch Metric Streams

This method of monitoring does not require an ActiveGate. Dynatrace integration with Amazon CloudWatch Metric Streams provides a simple and safe way to ingest AWS metrics. Amazon CloudWatch Metric Streams allows all metrics issued in a given AWS region to be streamed through Kinesis Firehose to the Dynatrace API. For details, see Amazon CloudWatch Metric Streams.

OpenTelemetry and distributed tracing

It is also possible to trace AWS Lambda .NET Core functions with OpenTelemetry .NET.